[Openswan Users] Openswan and Zyxel?
Nicole.Haehnel
nicole.haehnel at gmx.net
Wed Feb 16 15:09:57 CET 2005
No, it's kernel 2.4.21-27.0.1.ELsmp.
Roberto Fichera wrote:
> At 14.12 16/02/2005, Nicole.Haehnel wrote:
>
>> Hi,
>>
>> I tried the configs below and now my connection is established.
>> But I still have the problem that I can't access the zywall after
>> activating the vpn connection.
>> And although I have a connection established, I can not ping or send
>> any other packages.
>>
>> Does anybody know the problem?
>
>
> I have the same problem on the box acting as VPN gateway
> (Openswan side) but any problems from other machines which use
> the VPN gateway as router.
>
> Just to know, did you have a linux 2.6.x kernel?
>
>
>> Thanks!
>>
>> Nicole
>>
>>
>> Roberto Fichera wrote:
>>
>>> At 11.27 04/02/2005, Roberto Fichera wrote:
>>>
>>>> At 10.09 04/02/2005, you wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> has anybody configured a Zyxel Prestige or Zywall with openswan?
>>>>> And is it working?
>>>>
>>>>
>>>>
>>>> Yes works well :-)!
>>>>
>>>>
>>>>> If so, please post the configs.
>>>>
>>>>
>>>>
>>>> This is my /etc/ipsec.conf:
>>>>
>>>> # This file: /usr/share/doc/openswan/ipsec.conf-sample
>>>> #
>>>> # Manual: ipsec.conf.5
>>>>
>>>>
>>>> version 2.0 # conforms to second version of ipsec.conf specification
>>>>
>>>> # basic configuration
>>>> config setup
>>>>     interfaces="ipsec0=eth0"
>>>>     klipsdebug=none
>>>>     plutodebug=none
>>>>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>>>>     # klipsdebug=none
>>>>     # plutodebug="control parsing"
>>>>
>>>> conn %default
>>>>     keyingtries=3
>>>>     disablearrivalcheck=no
>>>>     authby=secret
>>>>
>>>> # Add connections here
>>>>
>>>> conn VPN1
>>>>     left=XX.YY.11.141
>>>>     leftsubnet=192.168.0.0/24
>>>>     leftnexthop=XX.YY.11.137
>>>>     right=ZZ.KK.11.131
>>>>     rightsubnet=192.168.2.0/24
>>>>     rightnexthop=ZZ.KK.11.129
>>>>     pfs=yes
>>>>     auto=start
>>>>     keylife=9600s
>>>>     keyingtries=0
>>>>
>>>> #Disable Opportunistic Encryption
>>>> include /etc/ipsec.d/examples/no_oe.conf
>>>>
>>>> This is the /etc/ipsec.secrets:
>>>>
>>>> XX.YY.11.141 ZZ.KK.11.131 : PSK "yourpresharedkey"
>>>>
>>>> : RSA {
>>>> .........
>>>> ........
>>>> }
>>>> # do not change the indenting of that "}"
>>>>
>>>>
>>>> The Zywall-10 configuration is as follows:
>>>>
>>>> Menu 27.1.1 - IPSec Setup
>>>>
>>>> Index #= 1 Name= VPN1
>>>> Active= Yes Keep Alive= No
>>>> Local ID type= IP Content= ZZ.KK.11.131
>>>> My IP Addr= 217.59.11.131
>>>> Peer ID type= IP Content= XX.YY.11.141
>>>> Secure Gateway Addr= XX.YY.11.141
>>>> Protocol= 0
>>>> Local: Addr Type= SUBNET
>>>> IP Addr Start= 192.168.2.0 End/Subnet Mask= 255.255.255.0
>>>> Port Start= 0 End= N/A
>>>> Remote: Addr Type= SUBNET
>>>> IP Addr Start= 192.168.0.0 End/Subnet Mask= 255.255.255.0
>>>> Port Start= 0 End= N/A
>>>> Enable Replay Detection= Yes
>>>> Key Management= IKE
>>>> Edit Key Management Setup= No
>>>>
>>>> Press ENTER to Confirm or ESC to Cancel:
>>>>
>>>> Menu 27.1.1.1 - IKE Setup
>>>>
>>>> Phase 1
>>>> Negotiation Mode= Main
>>>> Pre-Shared Key= yourpresharedkey
>>>> Encryption Algorithm= 3DES
>>>> Authentication Algorithm= MD5
>>>> SA Life Time (Seconds)= 3600
>>>> Key Group= DH2
>>>>
>>>> Phase 2
>>>> Active Protocol= ESP
>>>> Encryption Algorithm= 3DES
>>>> Authentication Algorithm= MD5
>>>> SA Life Time (Seconds)= 9600
>>>> Encapsulation= Tunnel
>>>> Perfect Forward Secrecy (PFS)= DH2
>>>>
>>>> Press ENTER to Confirm or ESC to Cancel:
>>>>
>>>> That's all!
>>>
>>>
>>>
>>> I forgot the changes to the autoexec.net on the Zywall1-10 side: you
>>> have to add the "ipsec timer chk_conn 0" in order to avoid
>>> disconnecting the VPN when there isn't traffic on the tunnel.
>>>
>>> Copyright (c) 1994 - 2002 ZyXEL Communications Corp.
>>> Zywall> sys view autoexec.net
>>> sys errctl 0
>>> sys trcl level 5
>>> sys trcl type 1180
>>> sys trcp cr 96 128
>>> sys trcl sw off
>>> ip tcp mss 1400
>>> ip tcp limit 2
>>> ip tcp irtt 65000
>>> ip tcp window 16
>>> ip tcp ceiling 6000
>>> ip rip activate
>>> ip rip merge on
>>> ip icmp disc enif0 off
>>> ppp ipcp com off
>>> sys wd sw on
>>> sys wd cnt 600
>>> sys mbuf debug off
>>> ip urlfilter listServerName urllist.zyxel.com
>>> ip nat loopback on
>>> ---> ipsec timer chk_conn 0
>>> Zywall>
>>>
>>>
>>>
>>>
>>>>> I tried to configure a Zywall, but if I start vpn activity, I can
>>>>> not access the router again
>>>>> and the tunnel is also not working.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Nicole
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openswan.org
>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>> Roberto Fichera.
>>>
>>>
>>>
>>> Roberto Fichera.
>>
>
> Roberto Fichera.
>
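The two configurations quoted above are mirror images of each other: the ZyWALL's Local subnet is Openswan's `rightsubnet`, its Remote subnet is `leftsubnet`, and its Secure Gateway Addr is `left`. The following check of that mirroring is an added example, not part of the original thread; the documentation-range gateway addresses, the function names and the trimmed menu text are assumptions, and the parsers handle only the fields shown.

```python
import ipaddress
import re

# Constructed sample input: documentation addresses replace the masked gateways.
OPENSWAN_CONN = """
conn VPN1
    left=198.51.100.141
    leftsubnet=192.168.0.0/24
    right=203.0.113.131
    rightsubnet=192.168.2.0/24
    keylife=9600s
"""
ZYWALL_MENU = """
My IP Addr= 203.0.113.131
Secure Gateway Addr= 198.51.100.141
Local: Addr Type= SUBNET
IP Addr Start= 192.168.2.0 End/Subnet Mask= 255.255.255.0
Remote: Addr Type= SUBNET
IP Addr Start= 192.168.0.0 End/Subnet Mask= 255.255.255.0
SA Life Time (Seconds)= 3600
SA Life Time (Seconds)= 9600
"""

def parse_conn(text):
    """Return the indented key=value pairs of a single conn section."""
    return dict(re.findall(r"^[ \t]+(\w+)=(\S+)", text, re.M))

def parse_zywall(text):
    """Gateways, Local/Remote subnets (in menu order) and Phase 2 SA lifetime."""
    nets = [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in
            re.findall(r"IP Addr Start= (\S+) End/Subnet Mask= (\S+)", text)]
    return {
        "my_ip": re.search(r"My IP Addr= (\S+)", text).group(1),
        "peer_gw": re.search(r"Secure Gateway Addr= (\S+)", text).group(1),
        "local": nets[0], "remote": nets[1],
        "p2_life": int(re.findall(r"SA Life Time \(Seconds\)= (\d+)", text)[-1]),
    }

def mismatches(conn_text, menu_text):
    """Names of the settings where the two ends are not mirror images."""
    c, z = parse_conn(conn_text), parse_zywall(menu_text)
    checks = {
        "left vs Secure Gateway Addr": c["left"] == z["peer_gw"],
        "right vs My IP Addr": c["right"] == z["my_ip"],
        "leftsubnet vs Remote": ipaddress.ip_network(c["leftsubnet"]) == z["remote"],
        "rightsubnet vs Local": ipaddress.ip_network(c["rightsubnet"]) == z["local"],
        "keylife vs Phase 2 SA life": int(c["keylife"].rstrip("s")) == z["p2_life"],
    }
    return [name for name, ok in checks.items() if not ok]
```

`mismatches(OPENSWAN_CONN, ZYWALL_MENU)` returns an empty list for the mirrored pair; any name it returns identifies a setting to compare by hand on both devices.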