[vpn-help] Connecting to Zywall - Tunnel established, routing broken?

Lukasz Sokol el.es.cr at googlemail.com
Thu Aug 5 09:24:10 CDT 2010


Hello Ralf,

Which ZyWALL device are you connecting to?

I tried a few times (not only with Shrew, GreenBow too) to configure IPsec tunnel(s), using ZyWALL 5, 35 or USG300,
only to be beaten by a phase2 error - i.e. I could not enter tunnel-client settings compatible
with the ZyWALL; it looked like the ZyWALL had to have phase2 id == ipsec client policy, or else the
connection was ended by the gateway due to phase1 timeout or phase2 id mismatch.
(Yes, it was long ago and I found my way without using IPsec VPN, but I am still interested in why I failed.)

Would you share your configuration idea, please?

Lukasz

On 05/08/2010 07:26, Ralf Steppacher wrote:
> Matthew,
> 
> thanks for the fast response. Unfortunately making the change you
> suggest does not make a difference. Depending on what I set under the
> policy tab I get two different results when trying to ping a host on the
> remote network:
> 
> ralf@ralf-ubuntu:/etc$ ping 192.168.50.10
> PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
> ^C
> --- 192.168.50.10 ping statistics ---
> 8 packets transmitted, 0 received, 100% packet loss, time 7006ms
> 
> Or
> 
> ralf@ralf-ubuntu:/etc$ ping 192.168.50.10
> PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
> From 192.168.50.81 icmp_seq=1 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=2 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=3 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=4 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=5 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=6 Destination Host Unreachable
> ^C
> --- 192.168.50.10 ping statistics ---
> 7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6018ms, pipe 4
> 
> 192.168.50.81 is the IP assigned to the tap0 interface.
> 
> 
> Thanks for your help!
> Ralf
> 
> 
> On Wed, 2010-08-04 at 22:57 -0500, Matthew Grooms wrote:
>> On 8/4/2010 9:13 AM, Ralf Steppacher wrote:
>>> Hello all,
>>>
>>> I am trying to connect to our corporate network via a Zywall and the Shrew VPN Client 2.1.5 from my Ubuntu 10.04 PC. I followed the Zywall wiki howto as best as I could, having no access to the Zywall configuration.
>>>
>>> I managed to establish a tunnel from my PC to the Zywall, but none of the IP addresses on the remote network are reachable/pingable. My local gateway is still pingable though. I guess it is a routing issue?
>>>
>>> My kernel routes with the tunnel open look like this. 192.168.1.0 being my local network, 192.168.50.0 being the corporate network.
>>>
>>> ralf@ralf-ubuntu:~$ route
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> default         192.168.50.81   255.255.255.0   UG    0      0        0 tap0
>>> 192.168.50.0    *               255.255.255.0   U     0      0        0 tap0
>>> 192.168.1.0     *               255.255.255.0   U     2      0        0 wlan0
>>> link-local      *               255.255.0.0     U     1000   0        0 wlan0
>>> default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
>>>
>>> Does that look right to you?
>>>
>>> If it is OK, what else could be wrong?
>>> In particular, I am unsure about what to set on the "Policy" tab of the client.
>>>
>>
>> Did you read this?
>>
>> http://lists.shrew.net/mailman/htdig/vpn-help/2008-November/001827.html
>>
>> -Matthew
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> http://lists.shrew.net/mailman/listinfo/vpn-help