Hello Ralf,

which ZyWALL device are you connecting to?

I tried a few times (not only with Shrew, GreenBow too) to configure IPSEC tunnel(s), using zywall 5, 35 or usg300, only to be beaten by a phase2 error - i.e. I could not enter tunnel-client settings compatible with zywall; it was looking like zywall had to have phase2 id == ipsec client policy or else the connection was ended by the gateway due to phase1 timeout or phase2 id mismatch.

(Yes, it was long ago and I found my way without using ipsec vpn, but I am still interested in why I failed.)

Would you share your configuration idea please?

Lukasz

On 05/08/2010 07:26, Ralf Steppacher wrote:
> Matthew,
>
> thanks for the fast response. Unfortunately making the change you
> suggest does not make a difference. Depending on what I set under the
> policy tab I get two different results when trying to ping a host on the
> remote network:
>
> r...@ralf-ubuntu:/etc$ ping 192.168.50.10
> PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
> ^C
> --- 192.168.50.10 ping statistics ---
> 8 packets transmitted, 0 received, 100% packet loss, time 7006ms
>
> Or
>
> r...@ralf-ubuntu:/etc$ ping 192.168.50.10
> PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
> From 192.168.50.81 icmp_seq=1 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=2 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=3 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=4 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=5 Destination Host Unreachable
> From 192.168.50.81 icmp_seq=6 Destination Host Unreachable
> ^C
> --- 192.168.50.10 ping statistics ---
> 7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6018ms
> , pipe 4
>
> 192.168.50.81 is the IP assigned to the tap0 interface.
>
>
> Thanks for your help!
> Ralf
>
>
> On Wed, 2010-08-04 at 22:57 -0500, Matthew Grooms wrote:
>> On 8/4/2010 9:13 AM, Ralf Steppacher wrote:
>>> Hello all,
>>>
>>> I am trying to connect to our corporate network via a Zywall and the Shrew
>>> VPN Client 2.1.5 from my Ubuntu 10.04 PC. I followed the Zywall wiki howto
>>> as best as I could, having no access to the Zywall configuration.
>>>
>>> I managed to establish a tunnel from my PC to the Zywall, but none of the
>>> IP addresses on the remote network are reachable/pingable. My local gateway
>>> is still pingable though. I guess it is a routing issue?
>>>
>>> My kernel routes with the tunnel open look like this. 192.168.1.0 being my
>>> local network, 192.168.50.0 being the corporate network.
>>>
>>> r...@ralf-ubuntu:~$ route
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> default         192.168.50.81   255.255.255.0   UG    0      0        0 tap0
>>> 192.168.50.0    *               255.255.255.0   U     0      0        0 tap0
>>> 192.168.1.0     *               255.255.255.0   U     2      0        0 wlan0
>>> link-local      *               255.255.0.0     U     1000   0        0 wlan0
>>> default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
>>>
>>> Does that look right to you?
>>>
>>> If it is OK, what else could be wrong?
>>> In particular, I am unsure about what to set on the "Policy" tab of the
>>> client.
>>>
>>
>> Did you read this?
>>
>> http://lists.shrew.net/mailman/htdig/vpn-help/2008-November/001827.html
>>
>> -Matthew
>> _______________________________________________
>> vpn-help mailing list
>> [email protected]
>> http://lists.shrew.net/mailman/listinfo/vpn-help
