connect on Zywall 110 without password throught SSH. Possible ?

J0hn
J0hn Posts: 3
in Security

Hi all,

Our Zyxell is a Zywall 110 with firmware 4.32

Can you tell me if what I want to do is possible or not, and if yes, how can I do it.

The context :

We have a critical service that sends SMS through a VPN we have with a mobile phone operator and sometimes this service failed (maybe once a week), our Nagios alert us that our SMS connections are down or have a problem and the reason we have found is because VPN is in a "strange" state.
When we have an alert like that the only workaround we have is to log in to the Zywall interface and "disconnect" this IP Sec vpn.
Then VPN go UP by himself and everything resume normally.

My question :

Can I make an external script on a Linux (sh, phyton, ...) that connect to the Zywall by himself and send a cli command to disconnect this specific VPN ?

That involves creating a script that can connect through SSH without asking for a password (certificate ?) is it possible to this on a Zywall 110 ?

If yes do you know what is the cli command to put down / disconnect a specific IP Sec VPN ?

Thanks in advance for your answers,
Regards,
Jo

All Replies

  • mMontana
    mMontana Posts: 1,405  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Consider to use tcl and expect for writing your script, jo
  • J0hn
    J0hn Posts: 3
    edited May 2021
    mMontana said:
    Consider to use tcl and expect for writing your script, jo
    Thanks for the tip ! I have try and I'am able to connect. I'm now searching the good Cli command to disconnect an IPSEC VPN, if someone know ....  :-1:

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector

    Hi @J0hn,


    In the description I see that you want to SSH because of your IPSec VPN.

    Can you try to upgrade your ZyWALL 110’s firmware to latest firmware for IPSec VPN’s stability?


    Also, you can enable ping check to VPN Peer's IP address.

    (Configuration > VPN > IPSec VPN > VPN Connection )



    Please input peer gateway's IP address into "Check This Address" textbox.

    That way system will check VPN health in the time period.
    Once traffic is reached the threshold, it will automatically reconnect VPN tunnel.
  • J0hn
    J0hn Posts: 3
    Thanks for your reply Zyxel_Can, we have add an issue in the past with version 4.35 after the update but can't remember what it was but that the reason we came back to 4.32. We didn't try the last one (4.62) but we maybe should.

    I've set-up the Connectivity Check and will see what happen in the next few days and let you know if it solve the issue.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)