I got it up and running after some debugging. Finally, it seems to boil down to the fact that the Zywall supports ranges on the IP addresses whereas FreeS/WAN only supports entire subnets. For IPsec a range from 0 to 255 is _NOT_ a subnet.
I now have a tunnel between a Zywall10 and a LEAF Bering 1.0rc3 and I am pretty sure this is valid for the entire Zyxel Zywall range. Ping from one subnet to the other typically takes 25 ms due to the encryption overhead, I guess, but I am wondering if this is limited by the Zywall or the LEAF box. If someone has a running installation between 2 LEAF boxes I'd be interested in the numbers.
Thanks for the help
Erich
guitarlynn wrote the following at 22:51 17.11.2002:
On Sunday 17 November 2002 14:05, Erich Titl wrote:
> Lynn
>
> thanks for the reply, for some weird reason the barf still reflected
> a test in aggressive mode, I switched the Negotiation Mode back to
> "Main" (whatever that means) but unfortunately there is still nothing
> more. Additionally I changed auto to "start" in ipsec.conf as this
> seemed logical, still no joy

I believe that the Zyxel router is sending options that IPSec isn't understanding. You're setting up a gw-gw tunnel, whereas many commercial routers will only connect to a host-host type configuration.... this may be the reason for the error. Drop your subnet options and see if SA is initiated.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
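The range-versus-subnet mismatch described in the first message can be checked before either end is configured. The following is an added example, not code from the thread or from the LEAF or FreeS/WAN projects: it takes an address range as entered on the Zywall side and reports whether it maps to exactly one CIDR subnet usable as `leftsubnet`/`rightsubnet` in ipsec.conf. The function names and sample addresses are constructed for illustration.

```python
import ipaddress


def range_to_subnets(start, end):
    """Return the minimal list of CIDR networks covering start..end inclusive."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("range start %s is above range end %s" % (first, last))
    return list(ipaddress.summarize_address_range(first, last))


def single_subnet(start, end):
    """Return 'a.b.c.d/len' when the range is exactly one subnet, else None."""
    nets = range_to_subnets(start, end)
    return str(nets[0]) if len(nets) == 1 else None


def subnet_lines(side, start, end):
    """Build ipsec.conf subnet lines for side 'left' or 'right'.

    More than one returned line means the range does not sit on a subnet
    boundary, so both gateways cannot describe it with one subnet.
    """
    if side not in ("left", "right"):
        raise ValueError("side must be 'left' or 'right'")
    return ["%ssubnet=%s" % (side, net) for net in range_to_subnets(start, end)]


if __name__ == "__main__":
    # Constructed sample ranges: one aligned to a /24, one arbitrary.
    samples = [("192.168.1.0", "192.168.1.255"), ("192.168.1.10", "192.168.1.50")]
    for start, end in samples:
        cidr = single_subnet(start, end)
        if cidr:
            print("%s-%s -> use subnet %s on both gateways" % (start, end, cidr))
        else:
            pieces = ", ".join(str(n) for n in range_to_subnets(start, end))
            print("%s-%s is not one subnet; it covers: %s" % (start, end, pieces))
```
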
