[Openswan Users] Openswan and Zyxel?

Nicole.Haehnel nicole.haehnel at gmx.net
Wed Feb 16 15:09:57 CET 2005


No, it's kernel 2.4.21-27.0.1.ELsmp.


Roberto Fichera wrote:

> At 14.12 16/02/2005, Nicole.Haehnel wrote:
>
>> Hi,
>>
>> I tried the configs below and now my connection is established.
>> But I still have the problem that I can't access the zywall after 
>> activating the vpn connection.
>> And although I have a connection established, I cannot ping or send 
>> any other packages.
>>
>> Does anybody know the problem?
>
>
> I have the same problem on the box acting as VPN gateway
> (Openswan side) but any problems from other machines which use
> the VPN gateway as router.
>
> Just to know, did you have a linux 2.6.x kernel?
>
>
>> Thanks!
>>
>> Nicole
>>
>>
>> Roberto Fichera wrote:
>>
>>> At 11.27 04/02/2005, Roberto Fichera wrote:
>>>
>>>> At 10.09 04/02/2005, you wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> has anybody configured a Zyxel Prestige or Zywall with openswan?
>>>>> And is it working?
>>>>
>>>>
>>>>
>>>> Yes works well :-)!
>>>>
>>>>
>>>>> If so, please post the configs.
>>>>
>>>>
>>>>
>>>> This is my /etc/ipsec.conf
>>>>
>>>> # This file:  /usr/share/doc/openswan/ipsec.conf-sample
>>>> #
>>>> # Manual:     ipsec.conf.5
>>>>
>>>>
>>>> version 2.0     # conforms to second version of ipsec.conf specification
>>>>
>>>> # basic configuration
>>>> config setup
>>>>         interfaces="ipsec0=eth0"
>>>>         klipsdebug=none
>>>>         plutodebug=none
>>>>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>>>         # klipsdebug=none
>>>>         # plutodebug="control parsing"
>>>>
>>>> conn %default
>>>>         keyingtries=3
>>>>         disablearrivalcheck=no
>>>>         authby=secret
>>>>
>>>> # Add connections here
>>>>
>>>> conn VPN1
>>>>         left=XX.YY.11.141
>>>>         leftsubnet=192.168.0.0/24
>>>>         leftnexthop=XX.YY.11.137
>>>>         right=ZZ.KK.11.131
>>>>         rightsubnet=192.168.2.0/24
>>>>         rightnexthop=ZZ.KK.11.129
>>>>         pfs=yes
>>>>         auto=start
>>>>         keylife=9600s
>>>>         keyingtries=0
>>>>
>>>> #Disable Opportunistic Encryption
>>>> include /etc/ipsec.d/examples/no_oe.conf
>>>>
>>>> This is the /etc/ipsec.secrets
>>>>
>>>> XX.YY.11.141 ZZ.KK.11.131 : PSK  "yourpresharedkey"
>>>>
>>>> : RSA   {
>>>>         .........
>>>>         ........
>>>>         }
>>>> # do not change the indenting of that "}"
>>>>
>>>>
>>>> The Zywall-10 configuration is as follows:
>>>>
>>>>                             Menu 27.1.1 - IPSec Setup
>>>>
>>>>           Index #= 1        Name= VPN1
>>>>           Active= Yes       Keep Alive= No
>>>>           Local ID type= IP         Content= ZZ.KK.11.131
>>>>           My IP Addr= 217.59.11.131
>>>>           Peer ID type= IP          Content= XX.YY.11.141
>>>>           Secure Gateway Addr= XX.YY.11.141
>>>>           Protocol= 0
>>>>           Local:  Addr Type= SUBNET
>>>>               IP Addr Start= 192.168.2.0      End/Subnet Mask= 255.255.255.0
>>>>                  Port Start= 0                End= N/A
>>>>           Remote: Addr Type= SUBNET
>>>>               IP Addr Start= 192.168.0.0      End/Subnet Mask= 255.255.255.0
>>>>                  Port Start= 0                End= N/A
>>>>           Enable Replay Detection= Yes
>>>>           Key Management= IKE
>>>>           Edit Key Management Setup= No
>>>>
>>>>                     Press ENTER to Confirm or ESC to Cancel:
>>>>
>>>>                             Menu 27.1.1.1 - IKE Setup
>>>>
>>>>                     Phase 1
>>>>                       Negotiation Mode= Main
>>>>                       Pre-Shared Key= yourpresharedkey
>>>>                       Encryption Algorithm= 3DES
>>>>                       Authentication Algorithm= MD5
>>>>                       SA Life Time (Seconds)= 3600
>>>>                       Key Group= DH2
>>>>
>>>>                     Phase 2
>>>>                       Active Protocol= ESP
>>>>                       Encryption Algorithm= 3DES
>>>>                       Authentication Algorithm= MD5
>>>>                       SA Life Time (Seconds)= 9600
>>>>                       Encapsulation= Tunnel
>>>>                       Perfect Forward Secrecy (PFS)= DH2
>>>>
>>>>                     Press ENTER to Confirm or ESC to Cancel:
>>>>
>>>> That's all!
>>>
>>>
>>>
>>> I forgot the changes to the autoexec.net on the Zywall1-10 side: you
>>> have to add the "ipsec timer chk_conn 0" in order to avoid
>>> disconnecting the VPN when there isn't traffic on the tunnel.
>>>
>>> Copyright (c) 1994 - 2002 ZyXEL Communications Corp.
>>> Zywall> sys view autoexec.net
>>> sys errctl 0
>>> sys trcl level 5
>>> sys trcl type 1180
>>> sys trcp cr 96 128
>>> sys trcl sw off
>>> ip tcp mss 1400
>>> ip tcp limit 2
>>> ip tcp irtt 65000
>>> ip tcp window 16
>>> ip tcp ceiling 6000
>>> ip rip activate
>>> ip rip merge on
>>> ip icmp disc enif0 off
>>> ppp ipcp com off
>>> sys wd sw on
>>> sys wd cnt 600
>>> sys mbuf debug off
>>> ip urlfilter listServerName urllist.zyxel.com
>>> ip nat loopback on
>>> ---> ipsec timer chk_conn 0
>>> Zywall>
>>>
>>>
>>>
>>>
>>>>> I tried to configure a Zywall, but if I start vpn activity, I can 
>>>>> not access the router again
>>>>> and the tunnel is also not working.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Nicole
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openswan.org
>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>> Roberto Fichera.
>>>
>>>
>>>
>>> Roberto Fichera.
>>
>
> Roberto Fichera.
>
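
Added example, not part of the original posts and not Openswan or ZyXEL code: a small check that the two configurations quoted above mirror each other (Openswan leftsubnet against the ZyWALL Remote range, rightsubnet against Local, keylife against the Phase 2 lifetime, PFS on both ends). It assumes "left" is the Openswan end, as in the quoted ipsec.conf, and that the ZyWALL prints "None" when PFS is off; the sample input is constructed from the quoted values.

```python
import ipaddress
import re

# Constructed sample input: values copied from the two configs quoted in the
# thread (public addresses are masked there, so they are compared as strings).
IPSEC_CONN = """conn VPN1
        left=XX.YY.11.141
        leftsubnet=192.168.0.0/24
        right=ZZ.KK.11.131
        rightsubnet=192.168.2.0/24
        pfs=yes
        keylife=9600s
"""
ZYWALL_MENU = """Secure Gateway Addr= XX.YY.11.141
Local:  Addr Type= SUBNET
    IP Addr Start= 192.168.2.0      End/Subnet Mask= 255.255.255.0
Remote: Addr Type= SUBNET
    IP Addr Start= 192.168.0.0      End/Subnet Mask= 255.255.255.0
Phase 2
  SA Life Time (Seconds)= 9600
  Perfect Forward Secrecy (PFS)= DH2
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def field(menu, pattern):
    """First capture group of pattern in the ZyWALL menu text."""
    return re.search(pattern, menu, re.S).group(1)

def zywall_net(menu, side):
    """Network configured under 'Local:' or 'Remote:' in the menu dump."""
    start = field(menu, side + r":.*?IP Addr Start=\s*(\S+)")
    mask = field(menu, side + r":.*?End/Subnet Mask=\s*(\S+)")
    return ipaddress.ip_network(f"{start}/{mask}")

def seconds(value):
    """ipsec.conf time value such as 9600s or 1h, as seconds."""
    return int(value[:-1]) * UNITS[value[-1]] if value[-1] in UNITS else int(value)

def check_mirror(conn_text, menu):
    """Return a list of mismatches; assumes 'left' is the Openswan end."""
    conn = dict(re.findall(r"^[ \t]+(\w+)=(\S+)", conn_text, re.M))
    pairs = [
        ("left", conn["left"], field(menu, r"Secure Gateway Addr=\s*(\S+)")),
        ("leftsubnet", ipaddress.ip_network(conn["leftsubnet"]), zywall_net(menu, "Remote")),
        ("rightsubnet", ipaddress.ip_network(conn["rightsubnet"]), zywall_net(menu, "Local")),
        ("keylife", seconds(conn["keylife"]),
         int(field(menu, r"Phase 2.*?SA Life Time \(Seconds\)=\s*(\d+)"))),
        # Assumption: the ZyWALL shows "None" when PFS is off.
        ("pfs", conn.get("pfs", "yes") == "yes",
         field(menu, r"\(PFS\)=\s*(\S+)").lower() != "none"),
    ]
    return [f"{k}: openswan={a} zywall={b}" for k, a, b in pairs if a != b]
```

An empty list means the quoted settings agree; each returned string names the ipsec.conf key that differs and the value seen on each side.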


