Linux FreeS/WAN VPN to ZyWALL Tunneling
- Setup FreeS/WAN VPN
- Setup ZyWALL VPN
This page describes how to set up a VPN connection between FreeS/WAN and a ZyWALL
router. Two devices need to be configured: the Linux FreeS/WAN box and the ZyWALL router.
As shown in the figure below, the tunnel between PC 2 and the ZyWALL secures the packets
that flow between them, because packets that go through the IPSec tunnel are encrypted. The
settings required on FreeS/WAN and on the ZyWALL to set up this VPN tunnel are explained in
the following sections.
The IP addresses used in this example are shown below.

| LAN 1 | ZyWALL | FreeS/WAN Linux box | LAN 2 |
|---|---|---|---|
| 192.168.0.0/24 | LAN: 192.168.0.254, WAN: 202.132.170.1, Gateway: 202.132.170.254 | LAN: 192.168.10.20, WAN: 65.170.185.111, Gateway: 65.170.185.65 | 192.168.10.0/24 |
1. Setup FreeS/WAN
We presume that your Linux kernel has been compiled with FreeS/WAN support
and that FreeS/WAN has been installed successfully on your system. Refer
to http://www.freeswan.org/ for more information.
Two files must be configured in the /etc directory.
ipsec.conf:

    config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search

    conn %default
        keyingtries=3

    conn zywall
        left=65.170.185.111
        leftsubnet=192.168.10.0/24
        leftnexthop=65.170.185.65
        right=202.132.170.1
        rightsubnet=192.168.0.0/24
        rightnexthop=202.132.170.254
        auto=start
        pfs=no
        authby=secret

ipsec.secrets:

    65.170.185.111 202.132.170.1 : PSK "12345678"

2. Setup ZyWALL VPN
- Using a web browser, log in to the ZyWALL by entering its LAN IP address
in the URL field. The LAN IP in this example is 192.168.0.1, and the
default password for the web configurator is 1234.
- Go to SECURITY -> VPN and press the Add button.
- Check the Active check box and give a name to this policy.
- Set IPSec Keying Mode to IKE and Negotiation Mode to Main. Linux FreeS/WAN
only supports Main mode.
- In the Local section, choose Subnet Address as the Address Type. Source
IP Address Start is 192.168.0.0 and End is 255.255.255.0
in this example (the secure network behind the ZyWALL).
- In the Remote section, choose Subnet Address as the Address Type. Source
IP Address Start is 192.168.10.0 and End is
255.255.255.0 (the secure network behind Linux).
- My IP Addr is the WAN IP of the ZyWALL.
- Secure Gateway IP Addr is the IP of the remote secure gateway,
which is the Linux box in this example.
- Set Encapsulation Mode to Tunnel.
- Check the ESP check box. (AH cannot be used in the SUA/NAT
case.)
- Set Encryption Algorithm to 3DES
and Authentication Algorithm to SHA1.
- Enter the key string 12345678 in the Preshared
Key text box, and click Apply.

You can click the Advanced button to check the IPSec Phase 1 and Phase 2
parameters. Please note that Linux FreeS/WAN only
supports 3DES as the encryption algorithm, and DH2 or higher as the key exchange
group.
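
The conn definition on the Linux box and the ZyWALL policy have to mirror each other: what is "left" for FreeS/WAN is "remote" for the ZyWALL. The Python check below is an added example, not part of the original page; the ZYWALL dictionary layout, the function names and the 20-character PSK threshold are assumptions made for illustration.

```python
import re

# Constructed sample input: the conn and secret from this page, trimmed to the checked fields.
IPSEC_CONF = """\
conn %default
    keyingtries=3
conn zywall
    left=65.170.185.111
    leftsubnet=192.168.10.0/24
    right=202.132.170.1
    rightsubnet=192.168.0.0/24
    pfs=no
    authby=secret
"""
IPSEC_SECRETS = '65.170.185.111 202.132.170.1 : PSK "12345678"\n'
# ZyWALL policy values as entered in the web configurator (hypothetical dict layout).
ZYWALL = {"my_ip": "202.132.170.1", "secure_gw": "65.170.185.111",
          "local": "192.168.0.0/24", "remote": "192.168.10.0/24"}

def parse_conn(text, name):
    """Return the key/value pairs of 'conn <name>' merged over 'conn %default'."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # section header: "<type> <name>"
            current = sections.setdefault(tuple(line.split()[:2]), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key] = value.strip('"')
    return {**sections.get(("conn", "%default"), {}), **sections.get(("conn", name), {})}

def audit(conf, secrets, zywall, name="zywall"):
    """List peer mismatches and weak settings found in the two files."""
    c, findings = parse_conn(conf, name), []
    mirror = {"left": "secure_gw", "right": "my_ip",
              "leftsubnet": "remote", "rightsubnet": "local"}
    for key, zy in mirror.items():
        if c.get(key) != zywall[zy]:
            findings.append(f"{key}={c.get(key)} does not mirror ZyWALL {zy}={zywall[zy]}")
    if c.get("pfs") == "no":
        findings.append("pfs=no: Phase 2 keys derive from the Phase 1 secret")
    for ids, psk in re.findall(r'^(.*?):\s*PSK\s+"([^"]*)"', secrets, re.M):
        if set(ids.split()) != {c.get("left"), c.get("right")}:
            findings.append("PSK entry does not name both tunnel endpoints")
        if len(psk) < 20 or psk.isdigit():   # threshold is an assumption
            findings.append("PSK is short or digits-only; use a long random secret")
    return findings
```

Run against the values on this page, audit() reports no mirror mismatches but flags pfs=no and the eight-digit preshared key, which should be replaced with a long random secret on both peers before the tunnel carries real traffic.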
