[Efw-user] Endian to Zywall Net2Net IPsec VPN trouble

[Nik Dahl]

Hi all,

I'm having troubles setting up a IPsec VPN from a Zyxel 
Zywall 2 to an endian 2.6.9-55.EL.endian19.

 From what I can tell, the endian is dropping the packets. 
Here are some
of the entries in the zywall logs that give me that idea.
1
        08/06/2007 22:52:40     !! IKE Packet Retransmit        2.1.8.1
6.15.3.2        IKE
2
        08/06/2007 22:52:24     !! IKE Packet Retransmit        2.1.8.1
6.15.3.2        IKE
3
        08/06/2007 22:52:17     !! IKE Negotiation is in process
2.1.8.1 6.15.3.2        IKE
4
        08/06/2007 22:52:16     !! IKE Packet Retransmit        2.1.8.1
6.15.3.2        IKE
5
        08/06/2007 22:52:12     Send:[SA][KE][NONCE][ID][VID][VID]
2.1.8.1 6.15.3.2        IKE
6
        08/06/2007 22:52:12     Send Aggressive Mode request to
[6.15.3.2]      2.1.8.1         6.15.3.2        IKE
7
        08/06/2007 22:52:12     Rule [1] Sending IKE request 
        2.1.8.1
6.15.3.2        IKE

IP addresses have been obscured, however, you can match 
them up along the logs and screenshots.
I also have screenshots of the admin interfaces and 
configuration for the zywall and endian.
http://www.hardlines.com/efw/zywall2.gif
http://www.hardlines.com/efw/zywall2-advanced.gif
http://www.hardlines.com/efw/vpn2.gif
http://www.hardlines.com/efw/vpn2-advanced.gif

When I run "ipsec verify" on the endian, I get:

Checking your system to see if IPsec got installed and 
started
correctly:
Version check and ipsec on-path 
                                [OK]
Linux Openswan 2.4.7 (klips)
Checking for IPsec support in kernel 
                           [OK]
Checking for RSA private key (/etc/ipsec.secrets) 
[DISABLED]
   ipsec showhostkey: no default key in 
"/etc/ipsec.secrets"
Checking that pluto is running 
                                 [OK]
Pluto not listening on port udp 500. Check interfaces 
defintion in ipsec.conf.
Two or more interfaces found, checking IP forwarding 
           [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command 
                                      [OK]
Checking for 'iptables' command 
                                [OK]
Opportunistic Encryption Support
[DISABLED]

I'm at a bit of a loss here, and would appreciate any help 
anyone could provide. I've been on the phone with zywall 
tech support for most of the morning. However, they seem 
to think the problem is the endian (of course).

Cheers!
Nik





-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user