Note: Not all ZyXEL Prestige models provide VPN functionality. Please check the User's Manual on the packaged CD-ROM.
This page explains how to set up a VPN connection between FreeS/WAN and a Prestige router. Two devices need to be configured: the Linux FreeS/WAN box and the Prestige router.
As the figure below shows, the tunnel between PC 1 and the Prestige secures the packets flowing between them, because packets that go through the IPSec tunnel are encrypted. The settings required on FreeS/WAN and the Prestige to set up this VPN tunnel are explained in the following sections.
The IP addresses used in this example are shown below.
LAN 1 | FreeS/WAN Linux box | Prestige | LAN 2 |
192.168.10.0/24 | LAN: 192.168.10.20 WAN: 65.170.185.111 Gateway: 65.170.185.65 | LAN: 192.168.0.254 WAN: 202.132.170.1 Gateway: 202.132.170.254 | 192.168.0.0/24 |
We presume that your Linux kernel has been compiled to support FreeS/WAN and that FreeS/WAN has been installed successfully on your system. For more information, refer to http://www.freeswan.org/.
Two files must be configured in the /etc directory.
ipsec.conf:
config setup
ipsec.secrets:
65.170.185.111 202.132.170.1 : PSK "12345678"
You can click the Advanced button to check the IPSec Phase 1 and Phase 2 parameters. Please note that Linux FreeS/WAN only supports 3DES as the encryption algorithm, and DH2 or higher as the key exchange group.
If you use SMT management, the VPN configuration is as shown below.
Menu 27.1.1 - IPSec Setup
Index #= 1    Name= to_Linux
1. Edit the IKE settings by setting the 'Edit Key Management Setup' option in Menu 27.1.1 to 'Yes': press the space bar and then press 'Enter'.
2. There are two phases for IKE:
In Phase 1, two IKE peers establish a secure channel for key exchange.
In Phase 2, the two peers negotiate the IPSec SAs that are used for data transmission.
Please note that Linux FreeS/WAN only supports 3DES as the encryption algorithm, and DH2 or higher as the key exchange group.
Menu 27.1.1.1 - IKE Setup

Phase 1
Negotiation Mode= Main
Pre-Shared Key= 12345678
Encryption Algorithm= 3DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 9600
Key Group= DH2

Phase 2
Active Protocol= ESP
Encryption Algorithm= 3DES
Authentication Algorithm= SHA1
SA Life Time (Seconds)= 3600
Encapsulation= Tunnel
Perfect Forward Secrecy (PFS)= None

Press ENTER to Confirm or ESC to Cancel:
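
The constraints noted above (3DES in both phases, DH2 or higher, and the same pre-shared key and WAN addresses on both ends) can be checked before the tunnel is brought up. The following Python script is an added example, not part of the original ZyXEL note; its function names and the one-field-per-line menu text are assumptions, and the sample values are taken from this page.

```python
import re

# Constructed sample: the page's SMT Menu 27.1.1.1 values, one field per line.
SAMPLE_MENU = """\
Phase 1
Negotiation Mode= Main
Pre-Shared Key= 12345678
Encryption Algorithm= 3DES
Key Group= DH2
Phase 2
Active Protocol= ESP
Encryption Algorithm= 3DES
"""
SAMPLE_SECRET = '65.170.185.111 202.132.170.1 : PSK "12345678"'  # line from the page

def parse_menu(text):
    """Return {phase_number: {field: value}} from 'Field= value' lines."""
    phases, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"Phase (\d+)", line)
        if header:
            current = phases.setdefault(int(header.group(1)), {})
        elif "=" in line and current is not None:
            field, _, value = line.partition("=")
            current[field.strip()] = value.strip()
    return phases

def parse_secret(line):
    """Return (id_a, id_b, psk) from an ipsec.secrets PSK line."""
    m = re.fullmatch(r'(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"', line.strip())
    if not m:
        raise ValueError("not a PSK entry: %r" % line)
    return m.groups()

def check(menu, secret_line, linux_wan, prestige_wan):
    """List mismatches between the Prestige menu and the FreeS/WAN side."""
    phases, problems = parse_menu(menu), []
    id_a, id_b, psk = parse_secret(secret_line)
    if {id_a, id_b} != {linux_wan, prestige_wan}:
        problems.append("ipsec.secrets IDs are not the two WAN addresses")
    if phases.get(1, {}).get("Pre-Shared Key") != psk:
        problems.append("pre-shared key differs between the two ends")
    for n in (1, 2):  # FreeS/WAN only supports 3DES (per the page)
        if phases.get(n, {}).get("Encryption Algorithm") != "3DES":
            problems.append("Phase %d: encryption must be 3DES" % n)
    group = re.fullmatch(r"DH(\d+)", phases.get(1, {}).get("Key Group", ""))
    if not group or int(group.group(1)) < 2:  # DH2 or higher (per the page)
        problems.append("Phase 1: key group must be DH2 or higher")
    return problems
```

An empty list from `check()` means the Prestige menu values and the `ipsec.secrets` entry agree with each other and with the FreeS/WAN constraints stated on this page.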