VPN with Zywall, help me

I have a zywall 70 and the ssh sentinel as software vpn client. I tried to establish the VPN connection from my personal PC at home to the subnet where I work, but I receive some errors. I configured the VPN using the "pre-shared key" and not with a certificate, but I don't know if the other configuration is OK... How can I configure the Mobile vpn?! Are there some manuals?!

This is part of the log of ssh sentinel.

0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Removing negotiation
0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Connection timed out or error, calling callback
0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Deleting negotiation

Thanks!!!!!!

Reply to
ringhio

You need the logs from the other side; they'll tell you what the error is, hopefully. What you have is the equivalent of a flat "no" (unless somebody more familiar with zywall can decode the flags for us).

-Russ.

Reply to
Somebody.
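
Added example, not part of the original posts: a small Python parser for the client log quoted in the first post. It assumes the braces hold initiator cookie, responder cookie, negotiation index and message ID (a reading of the format, not something stated in the thread); in IKEv1 the responder cookie stays zero until the gateway answers, so an all-zero value means the client never saw a reply.

```python
import re

# Constructed sample: the three entries from the client log quoted in the first post.
SAMPLE_LOG = """\
0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Removing negotiation
0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Connection timed out or error, calling callback
0.0.0.0:500 (Initiator) xxx.xxx.xxx.xxx:500 { f901f0b8 94000008 - 00000000 00000000 [-1] / 0x00000000 } IP; Deleting negotiation
"""

# Assumed field layout: { initiator cookie - responder cookie [negotiation index] / message ID }
ENTRY = re.compile(
    r"(?P<local>\S+) \((?P<role>Initiator|Responder)\) (?P<remote>\S+) "
    r"\{ (?P<icookie>[0-9a-f]{8} [0-9a-f]{8}) - (?P<rcookie>[0-9a-f]{8} [0-9a-f]{8}) "
    r"\[(?P<neg>-?\d+)\] / 0x(?P<msgid>[0-9a-f]{8}) \} (?P<proto>\w+); (?P<event>.+)"
)

def parse_entries(text):
    """Turn each recognisable log line into a dict; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            continue
        e = m.groupdict()
        e["icookie"] = e["icookie"].replace(" ", "")
        e["rcookie"] = e["rcookie"].replace(" ", "")
        e["neg"] = int(e["neg"])
        e["msgid"] = int(e["msgid"], 16)
        entries.append(e)
    return entries

def diagnose(entries):
    """Map each initiator cookie to 'no-reply' or 'peer-replied'."""
    replied = {}
    for e in entries:
        seen = int(e["rcookie"], 16) != 0  # non-zero means the peer sent something back
        replied[e["icookie"]] = replied.get(e["icookie"], False) or seen
    return {c: "peer-replied" if r else "no-reply" for c, r in replied.items()}

if __name__ == "__main__":
    for cookie, verdict in diagnose(parse_entries(SAMPLE_LOG)).items():
        print(cookie, verdict)
```

A `no-reply` verdict means the first IKE packet was never answered, so the things to check are UDP 500 reachability, the gateway address, and whether the gateway is silently discarding the proposal.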

In the zywall I haven't any logs about the VPN. At home I have an ADSL flat, but I tried in another location with "ADSL business". The zywall 70 is router and firewall. The configuration in the zywall is:

- Authentication: Pre-shared key
- IKE Encryption: 3DES
- IKE Integrity: MD5
- IKE Mode: Aggressive or Main mode (I've tried both)
- IKE Group: MODP 1024 (group 2)
- IPSec Encryption: 3DES
- IPSec Integrity: HMAC-MD5
- IPSec Mode: Tunnel
- PFS Group: MODP 1024 (group 2)

In the ssh sentinel client I configured the same pre-shared key and as gateway I used the Wan1 of the firewall. (I've also tried enabling the "NAT Traversal Flag".)

I've also tried the configuration of certificates instead of pre-shared-key but I don't know if I understand well how they may be configured.

Have you got any ideas?!!?! Thanks

Reply to
ringhio

> IKE Integrity: MD5

  1. Don't try certs, use preshared keys.
  2. You need NAT traversal enabled if you're behind a router with the client; straight-out ADSL (public IP on your workstation) does not need it, but there is generally no harm in enabling it anyway.
  3. If your zywall won't give you specific errors, this is not possible without documentation unless you get *really* lucky, since you will have no idea which part of the configuration you got right or wrong. The initiator is not given to know why it failed; only the recipient knows why it refused the initiator.
  4. The ssh sentinel client is a generic client, not intended specifically for the Zywall. Therefore it allows you the full range of configuration options, most of which will be wrong for the zywall. The zywall may even require a proprietary client; I'm not familiar with the zywall at all. You are attempting a nearly impossible task, using a generic client to talk to a firewall with no debugging information from the target and minimal possible firewall configuration options, with no documentation to boot.

Your chances are very slim, my friend. Troll around with google to find somebody that already did this, or get the actual zywall client.

-Russ.


Reply to
Somebody.

Try to use ViPNet VPN. It can handle connections over devices like Zywall perfectly. There is no certs or preshared-key headache.

Reply to
Norvik
