[vpn-help] VPN OpenSuse 11.3 with Zywall Problem

Ignacio Garcia de Hoyos ignaciogarciahoyos at yahoo.es
Mon Sep 20 08:16:57 CDT 2010


Hello,

I have a VPN connection problem with Shrew 2.1.6 from OpenSuse 11.3 32-bit 
with a Zywall 5, but I have a correct VPN connection with Shrew 2.1.5 
from Windows 7 with the same Zywall 5 and the same VPN settings.

The VPN connects but doesn't work. The Zywall SA Monitor shows:

Name       Local Network                  Remote Network   Encapsulation  IPSec Algorithm
serverNET  bbb.bbb.bbb.0 / 255.255.255.0  ccc.ccc.ccc.ccc  Tunnel         ESP ???--MD5

The correct Zywall SA Monitor should be:

serverNET  bbb.bbb.bbb.0 / 255.255.255.0  ccc.ccc.ccc.ccc  Tunnel         ESP DES--MD5

I think the problem is with the Phase 2 Transform Algorithm on OpenSuse, but 
I don't know why it doesn't work on Linux but works on Windows 7 with the 
same Shrew client settings.

My VPN configuration is:

Zywall:

-GATEWAY POLICY
-- Property Section
NAT Traversal: Check
-- Gateway Policy Information
My Address: 0.0.0.0 [Dynamic VPN Settings]
-- Authentication key Section
Pre-Shared Key: [password]
-- IKE Proposal Section
Negotiation Mode:    main
Encryption Algorithm: DES
Authentication Algorithm:    MD5
SA Life Time:    28800
Key Group:    DH1
- NETWORK POLICY SECTION
--Local Network Section
Address Type: Subnet Address [Private Class C IP Subnet bbb.bbb.bbb.0/24]
-- Remote Network
Address Type: Single Address [Dynamic VPN Settings]
-- IPSec Proposal
Encapsulation Mode:    Tunnel
Active Protocol:    ESP
Encryption Algorithm:    DES
Authentication Algorithm:    MD5
SA Life Time (seconds):    28800
Perfect Forward Secrecy: NONE

Client (Shrew 2.1.6) :

- General Tab
Host Name:                    dns.qualificated.name
Port:                               500
Auto Configuration:         ike config pull
Address Method:            Use existing adapter and current address
- Client Tab
NAT Traversal:               disable
IKE Fragmentation:         enable
Maximum Packet Size:    540
Enable Dead Peer Detection:    Check
Enable ISAKMP Failure Notifications:    Check
Enable Client Login Banner:    Check
- Name Resolution Tab
Enable DNS:    UnCheck
- Authentication:
Authentication Method:    Mutual PSK
-- Local Identity Tab
Identification Type:        IP Address
Address String, Use discovered local host address:    Check
-- Remote Identity Tab
Identification Type:        IP address
Address String:    aaa.aaa.aaa.aaa [a correct IP]
-- Credentials Tab
Pre Shared Key:    [password]
- Phase 1 Tab
Exchange Type:        main
DH Exchange:          group 1
Cipher Algorithm:     des
Hash Algorithm:        md5
Key Life Time Limit:    28800
Key Life Time Limit:    0
- Phase 2 Tab
Transform Algorithm:    des [on windows 7 = esp-des]
HMAC Algorithm:        md5
PFS Exchange:             disabled
Compression Algorithm:    disabled
Key Life Time Limit:        28800
Key Life Data Limit:        0
- Policy Tab
Policy Generation Level:    auto
Maintain Persistent Security Associations: UnCheck
Obtain Topology Automatically or Tunnel All: UnCheck
Type: Bidirectional - [Private Class C IP Subnet bbb.bbb.bbb.0/24]

Thank you very much


