[Openswan Users] RE : help with ipsec + zywall
reza
issanyr at olympecti.fr
Fri Jun 12 01:32:46 EDT 2009
I don't know these routers (mikrotik), but if someone knows if netgear or dlink routers
are good for voip, maybe I'll buy one to test.
thanks for your helps
---
Reza ISSANY
Ingénieur Système
ZA Les Playes - Jean Monnet Sud
Avenue de Lisbonne
83500 La Seyne sur Mer
________________________________
De: Faizan Syed [mailto:consultant77pk at yahoo.com]
Date: jeu. 6/11/2009 22:48
À: reza; users at openswan.org
Objet : Re: [Openswan Users] help with ipsec + zywall
RE : [Openswan Users] help with ipsec + zywallYes its difficult for voip but
we are running ipsec and mikrotik successfuly for voip. Be sure your zyxel
or linux are not restarting otherwise it will crash and u have to reconnect.
Its an issue with ipsec. can u plz chek the system logs it crashed due to
restart or something else.
Faizan
----- Original Message -----
From: reza
To: Faizan Syed ; users at openswan.org
Sent: Wednesday, June 10, 2009 11:31 AM
Subject: RE : [Openswan Users] help with ipsec + zywall
Thanks for your answer.
Here it is my router config :
---------- IKE Setup ----------
Authentication Method: Pre-Shared Key
Phase 1 - Negotiation Mode= Main
Authentication= preShareKey
Key= xxxxxxxxxxx
Encryption Algorithm= 3DES Authentication Algorithm= MD5
SA Life Time (Seconds)= 86400 Key Group= DH2
ras> ipsec ipsecDisplay 1
---------- IPSec Setup ----------
Index #= 1 Active= Yes Multi Pro = No Protocol= 0 Global SW= 0xA
Bound IKE 1 NailUp = Yes Netbios = No Name= vpn
ControlPing = No LogControlPing = No Control ping address = 0.0.0.0
Local: Addr Type= SUBNET Port Start= 0 End= N/A
IP Addr Start= 192.168.1.0 Mask= 255.255.255.0
Remote: Addr Type= SUBNET Port Start= 0 End= N/A
IP Addr Start= 192.168.2.0 Mask= 255.255.255.0
Enable Replay Detection= Yes Key Management= IKE
Phase 2 - Active Protocol= ESP
Encryption Algorithm= 3DES Authentication Algorithm= MD5
SA Life Time (Seconds)= 86400
Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= DH2
The SA Life Time is the maximum that the router can support. But I have
build the tunnel yesterday, and today this tunnel
was down. There will be a VoIP system in this tunnel. I cannot tell to
everyone that everyday it is possible that the vpn can crash.
Especially if it I have to rebuild it everyday :s bad bad bad.
Any idea ?
---
Reza ISSANY
Ingénieur Système
ZA Les Playes - Jean Monnet Sud
Avenue de Lisbonne
83500 La Seyne sur Mer
-------- Message d'origine--------
De: Faizan Syed [mailto:consultant77pk at yahoo.com]
Date: mer. 6/10/2009 08:29
À: reza; users at openswan.org
Objet : Re: [Openswan Users] help with ipsec + zywall
Hi Reza.
There is nothing wrong in config, usualy its compatibility issue, and some
routers can not persist a connection
like this Zywall is a Zyxell model u told. I was facing the same issue usin
with Mikrotik Router OS, usualy routers
have some Lifetime config settings that you have to chek and make sure its
either disabled or set to the max to
keep the connection alive. Also try changing on IPsec 'auto=start'
Faizan Syed
Adhoc Technologies
----- Original Message -----
From: reza
To: users at openswan.org
Sent: Tuesday, June 09, 2009 8:51 PM
Subject: [Openswan Users] help with ipsec + zywall
Hi,
Forgive me for my bad english. I'm a french people.
I'm trying to configure openswan with a zywall router using an ath by
rsasig.
I can get workinf the tunnel, but periodically (randomly), the tunnel
crashes.
When I verify the status of this vpn connection, I can see that the tunnel
is established,
but there is no traffic. I have to down my connection, hangup the zywall
side (bouton hangup in admin panel),
and without any up, the connection is negiciated and established, and all
traffic work.
My conf :
conn techvar
# materiel : zywall 2 plus
#local
left=publicipoftheopenswanbox
leftsubnet=192.168.2.0/24
leftid=xxxxxxxxxx
authby=secret
pfs=yes
auth=esp
aggrmode=no
disablearrivalcheck=no
esp=3des-md5-96
# remote
right=publiipofthezywall
rightsubnet=192.168.1.0/24
rightid=xxxxxxx
auto=add
Any idea to solve the problem ?
Thanks in advance for your help.
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090612/8716f16a/attachment.html
More information about the Users
mailing list