VPN Tracker to ZyWALL Tunneling

  1. Setup VPN Tracker 
  2. Setup ZyWALL VPN

This page explains how to set up a VPN connection between the VPN Tracker software and a ZyWALL router. VPN Tracker is a VPN client for Mac OS X 10.2. For more information, see http://www.equinux.com/us/products/vpntracker/.

As shown in the figure below, the IPSec tunnel between PC 2, which has VPN Tracker installed, and the ZyWALL secures the packets that flow between them, because packets that go through the IPSec tunnel are encrypted. The settings required on VPN Tracker and the ZyWALL to set up this tunnel are explained in the following sections. The red pipe in the figure marks the tunnel, whose endpoints are VPN Tracker and the ZyWALL.

 

The IP addresses we use in this example are as shown below.

LAN 1           ZyWALL                PC2
10.1.33.0/24    LAN: 10.1.33.1        192.168.11.15
                WAN: 192.168.11.55


1. Setup VPN Tracker

  1. Open the VPN Tracker application and click VPN Tracker.

 

  1. Configure the network definition and the VPN tunnel type in the main page.

a. Give this connection a name, for example, to zywall.
b. Set Connection Type to ZyXEL ZyWALL.
c. In Mode, select Host to Network.
d. In Local Endpoint, specify the interface you would like to use for the VPN tunnel. If you have only one interface, Default Interface will do.
e. In Remote Endpoint, specify the WAN IP address of the ZyWALL.
f. In Remote Network, specify the LAN network of the ZyWALL.
g. If you would like to initiate the VPN tunnel from your Mac, then check the Initiate Connection option.

  1. You can adjust the IKE phase 1/phase 2 parameters in Connection Type/Edit Connection Types. Note that the security parameters on VPN Tracker and the ZyWALL must be consistent.

  1. In the "Phase 1 General" tab, select Exchange mode as Main, and leave the other parameters at their defaults.

  1. In the "Phase 1 Proposal" tab, specify Encryption Algorithm as DES, Hash Algorithm as MD5, Authentication Method as pre_shared_key, DH Group as modp 768, which is the same as DH1, and SA Lifetime as 28800 seconds.

  1. In the "Phase 2" tab, set Encryption Algorithm to DES and Authentication Algorithm to HMAC_MD5. Then click Save.

  1. In the main menu, click Edit pre-shared key..., then type the pre-shared key, 12345678, in the window that pops up. This completes the configuration in VPN Tracker.


2. Setup ZyWALL VPN

  1. Using a web browser, log in to the ZyWALL by entering its LAN IP address in the URL field. The default LAN IP is 192.168.1.1, and the default password for the web configurator is 1234.
  2. Go to SECURITY->VPN and press the Add button.
  3. In the SUMMARY menu, select a policy to edit by clicking Edit.
  4. In the CONFIGURE-IKE menu, check the Active check box and give a name to this policy.
  5. Set IPSec Keying Mode to IKE and Negotiation Mode to Main, as configured on the ZyWALL's peer side.
  6. In the Local section, select Subnet Address as Address Type, and enter the Network IP and Subnet Mask of the ZyWALL's LAN.
  7. In the Remote section, select Single as Address Type, and enter the IP address of the ZyWALL's peer.
  8. My IP Addr is the WAN IP of the ZyWALL.
  9. Secure Gateway IP Addr is the IP of the ZyWALL's peer side, that is, PC 2 in this example.
  10. Set Encapsulation Mode to Tunnel.
  11. Check the ESP check box. (AH cannot be used in the SUA/NAT case.)
  12. Set Encryption Algorithm to DES and Authentication Algorithm to MD5, as configured on the ZyWALL's peer side.
  13. Enter the key string 12345678 in the Preshared Key text box, and click Apply.
  14. Press the Advanced button to set the IKE phase 1 and phase 2 parameters.

See the VPN rule screen shot

Set IKE Phase 1 and Phase 2 parameters.
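
Both procedures depend on the two sides agreeing on every IKE/IPSec parameter and on mirrored addressing, even though each product labels the settings differently. The following Python script is an added example, not part of the original guide or of either product: it compares the two configurations as listed on this page and also reports algorithms that are deprecated for IPSec. The dictionary key names are hypothetical, and the values are constructed from this page.

```python
import ipaddress

# Names the two products use for the same setting, mapped to one normalised form.
ALIASES = {"modp 768": "dh1", "dh1": "dh1", "hmac_md5": "md5", "md5": "md5",
           "des": "des", "main": "main", "pre_shared_key": "psk", "preshared key": "psk"}
# Algorithms long deprecated for IPSec; reported even when both sides agree.
LEGACY = {"des", "md5", "dh1"}

# Constructed from the values in this guide; the key names are hypothetical.
VPN_TRACKER = {"mode": "Main", "p1_enc": "DES", "p1_hash": "MD5", "auth": "pre_shared_key",
               "dh": "modp 768", "p2_enc": "DES", "p2_auth": "HMAC_MD5",
               "local_ip": "192.168.11.15", "remote_gw": "192.168.11.55",
               "remote_net": "10.1.33.0/24"}
ZYWALL = {"mode": "Main", "p1_enc": "DES", "p1_hash": "MD5", "auth": "Preshared Key",
          "dh": "DH1", "p2_enc": "DES", "p2_auth": "MD5",
          "my_ip": "192.168.11.55", "secure_gw": "192.168.11.15",
          "local_net": "10.1.33.0/255.255.255.0", "remote_single": "192.168.11.15"}

PROPOSAL_KEYS = ("mode", "p1_enc", "p1_hash", "auth", "dh", "p2_enc", "p2_auth")

def norm(value):
    """Lower-case a setting and collapse product-specific spellings."""
    value = value.strip().lower()
    return ALIASES.get(value, value)

def check_tunnel(client, gateway):
    """Return (mismatches, legacy) for a host-to-network tunnel definition."""
    mismatches = [k for k in PROPOSAL_KEYS if norm(client[k]) != norm(gateway[k])]
    # Addressing must mirror: each side's "remote" is the other side's "local".
    pairs = [("remote_gw", "my_ip"), ("local_ip", "secure_gw"), ("local_ip", "remote_single")]
    mismatches += [f"{c}/{g}" for c, g in pairs
                   if ipaddress.ip_address(client[c]) != ipaddress.ip_address(gateway[g])]
    # ip_network accepts both prefix-length and dotted-netmask notation.
    if ipaddress.ip_network(client["remote_net"]) != ipaddress.ip_network(gateway["local_net"]):
        mismatches.append("remote_net/local_net")
    legacy = sorted({norm(client[k]) for k in PROPOSAL_KEYS} & LEGACY)
    return mismatches, legacy

if __name__ == "__main__":
    mismatches, legacy = check_tunnel(VPN_TRACKER, ZYWALL)
    print("mismatches:", mismatches or "none")
    print("legacy algorithms in use:", legacy)
```

A non-empty mismatch list names the setting to correct on one side before the tunnel is initiated; the legacy list is informational and does not affect whether the two sides agree.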