[Openswan Users] RE : help with ipsec + zywall

reza issanyr at olympecti.fr
Fri Jun 12 01:32:46 EDT 2009


I don't know these routers (mikrotik), but if someone knows if netgear or dlink routers
are good for voip, maybe I'll buy one to test.
 
thanks for your helps
---
Reza ISSANY
Ingénieur Système
ZA Les Playes - Jean Monnet Sud
Avenue de Lisbonne
83500 La Seyne sur Mer

________________________________

De: Faizan Syed [mailto:consultant77pk at yahoo.com]
Date: jeu. 6/11/2009 22:48
À: reza; users at openswan.org
Objet : Re: [Openswan Users] help with ipsec + zywall



RE : [Openswan Users] help with ipsec + zywallYes its difficult for voip but
we are running ipsec and mikrotik successfuly for voip. Be sure your zyxel
or linux are not restarting otherwise it will crash and u have to reconnect.
Its an issue with ipsec. can u plz chek the system logs it crashed due to
restart or something else.


Faizan

----- Original Message -----
From: reza
To: Faizan Syed ; users at openswan.org
Sent: Wednesday, June 10, 2009 11:31 AM
Subject: RE : [Openswan Users] help with ipsec + zywall


Thanks for your answer.
Here it is my router config :

---------- IKE Setup ----------
Authentication Method: Pre-Shared Key
Phase 1 - Negotiation Mode= Main
        Authentication= preShareKey
        Key= xxxxxxxxxxx
          Encryption Algorithm= 3DES   Authentication Algorithm= MD5
          SA Life Time (Seconds)= 86400   Key Group= DH2

ras> ipsec ipsecDisplay 1
---------- IPSec Setup ----------
Index #= 1     Active= Yes   Multi Pro = No    Protocol= 0 Global SW= 0xA
Bound IKE 1     NailUp = Yes  Netbios = No   Name= vpn
ControlPing = No  LogControlPing = No  Control ping address = 0.0.0.0
Local:  Addr Type= SUBNET      Port Start= 0         End= N/A
        IP Addr Start= 192.168.1.0          Mask= 255.255.255.0
Remote: Addr Type= SUBNET      Port Start= 0         End= N/A
        IP Addr Start= 192.168.2.0          Mask= 255.255.255.0

Enable Replay Detection= Yes   Key Management= IKE
Phase 2 - Active Protocol= ESP
          Encryption Algorithm= 3DES   Authentication Algorithm= MD5
          SA Life Time (Seconds)= 86400
          Encapsulation= Tunnel   Perfect Forward Secrecy (PFS)= DH2

The SA Life Time is the maximum that the router can support. But I have
build the tunnel yesterday, and today this tunnel
was down. There will be a VoIP system in this tunnel. I cannot tell to
everyone that everyday it is possible that the vpn can crash.
Especially if it I have to rebuild it everyday :s bad bad bad.

Any idea ?

---
Reza ISSANY
Ingénieur Système
ZA Les Playes - Jean Monnet Sud
Avenue de Lisbonne
83500 La Seyne sur Mer



-------- Message d'origine--------
De: Faizan Syed [mailto:consultant77pk at yahoo.com]
Date: mer. 6/10/2009 08:29
À: reza; users at openswan.org
Objet : Re: [Openswan Users] help with ipsec + zywall

Hi Reza.

There is nothing wrong in config, usualy its compatibility issue, and some
routers can not persist a connection
like this Zywall is a Zyxell model u told. I was facing the same issue usin
with Mikrotik Router OS, usualy routers
have some Lifetime config settings that you have to chek and make sure its
either disabled or set to the max to
keep the connection alive. Also try changing on IPsec 'auto=start'

Faizan Syed
Adhoc Technologies


----- Original Message -----
From: reza
To: users at openswan.org
Sent: Tuesday, June 09, 2009 8:51 PM
Subject: [Openswan Users] help with ipsec + zywall


Hi,

Forgive me for my bad english. I'm a french people.

I'm trying to configure openswan with a zywall router using an ath by
rsasig.

I can get workinf the tunnel, but periodically (randomly), the tunnel
crashes.
When I verify the status of this vpn connection, I can see that the tunnel
is established,
but there is no traffic. I have to down my connection, hangup the zywall
side (bouton hangup in admin panel),
and without any up, the connection is negiciated and established, and all
traffic work.

My conf :
conn techvar
    # materiel : zywall 2 plus
    #local
    left=publicipoftheopenswanbox
    leftsubnet=192.168.2.0/24
    leftid=xxxxxxxxxx
    authby=secret
    pfs=yes
    auth=esp
    aggrmode=no
    disablearrivalcheck=no
    esp=3des-md5-96
    # remote
    right=publiipofthezywall
    rightsubnet=192.168.1.0/24
    rightid=xxxxxxx
    auto=add

Any idea to solve the problem ?

Thanks in advance for your help.



_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090612/8716f16a/attachment.html 


More information about the Users mailing list