Zyxek USG VPN with OpenSwan - can you share working configurations?

grokit
grokit Posts: 18  Freshman Member
Friend Collector First Comment
edited April 2021 in Security
I seem to have considerable issues to get a VPN between a Zyxel USG 300 and OpenSwan VPN Server on CentOS to work.

I think I have tried dozens of combinations. The main issue is to find the right encryption/authentication settings between the two VPN servers.

I would appreciate, in case one of you has a working setup, you could share that with me.

Thanks a lot

Dan

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @grokit
    Regarding to your request,
    you can check below as your reference.

    Example on USG:


    Example on OpenSwan:

    # basic configuration

     

    config setup

      charondebug="all"

      strictcrlpolicy=no

      # uniqueids = no

     

    # Add connections here.

    conn Zywall 110

      type=tunnel

      keyexchange=ikev1

      authby=secret

      left=192.168.111.20

      leftid=192.168.111.20

      leftsubnet=172.16.1.0/24

      right=192.168.111.51

      rightid=0.0.0.0

      rightsubnet=192.168.1.0/24

      ike=aes-sha-modp1024!

      esp=aes-sha-modp1024!

      keyingtries=0

      ikelifetime=1d

      lifetime=8h

      dpddelay=30

      dpdtimeout=120

      dpdaction=restart

      auto=route

    Charlie
  • grokit
    grokit Posts: 18  Freshman Member
    Friend Collector First Comment
    Thanks @Zyxel_Charlie
    I got it running in the meantime, but with different setup. It seems to be a bit unstable, though.
    I will try your solution as well. I hope it's better :-)
    Dan 

Security Highlight