
Re: [Users] Checkpoint, FreeS/WAN and me...

From: thelupine (thelupine_at_softhome.net)
Date: Tue Jun 11 2002 - 16:27:50 CEST


On Tue, 2002-06-11 at 00:45, Barry, Christopher wrote:
>
> ...don't appear to be getting along very well.
> I've read the docs, including the "Linux as a client to FW-1" from Checkpoint's site, I can apparently exchange keys and establish a tunnel, yet I cannot get traffic to flow across this tunnel. I have the Linux end, and an ASP has the FW-1 end, so I can't see how they have it set up personally, but what logs and/or other pertinent data would you all need from me to determine what is wrong? I can publish as much as needed to a website.
>
> TIA, I'm really under the gun to get this up.
>
> Regards,
> Chris Barry
> _______________________________________________

I see a few people, including myself, having this same problem. I've
read everything I can find, but cannot seem to get the routing through
the tunnel working properly. I'm thinking it is either a subnet issue,
or I have to do an extra unknown route/eroute command. Can someone
please point me/us in the right direction? Here is my info:

ipsec.conf:

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        manualstart=
        plutoload=%search
        plutostart=%search
        uniqueids=yes

        
conn vpn1
        type=tunnel
        left=208.#.#.#
        leftnexthop=208.#.#.#
        right=192.168.1.104
        rightnexthop=192.168.1.1
        keyexchange=ike
        auth=esp
        pfs=no

conn vpn2
        type=tunnel
        left=208.#.#.#
        leftnexthop=208.#.#.1
        leftsubnet=208.#.#.0/24
        right=192.168.1.104
        rightnexthop=192.168.1.1
        keyexchange=ike
        auth=esp
        pfs=no

I then do:

ipsec setup stop
ipsec setup start
ipsec auto --add vpn1
ipsec auto --add vpn2
ipsec auto --up vpn1
ipsec auto --up vpn2

and then try to get to the network behind 208.#.#.# but cannot. I've
talked with the Network Engineer that set up Check Point, and he assures
me that I have nothing blocked on my account. He also tells me that he
sees that I am connected, but that no other packets are sent.

Any help, or links would be appreciated. I've looked over
fw-linuxvpn.pdf, but I guess it's not enough.

TIA,
-Lup
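
Added example, not part of the original message or of FreeS/WAN: a Python sketch that reads conn sections like the ones posted above and reports which traffic each end of a tunnel covers, using the ipsec.conf rule that an end with no leftsubnet/rightsubnet covers only that host. The function names are hypothetical, and the parser assumes only section headers, indented key=value lines, whole-line comments and conn %default.

```python
# Added example: which traffic each FreeS/WAN conn section actually covers.

# Constructed sample: the conn sections from the post, addresses left masked.
SAMPLE_CONF = """\
config setup
        interfaces="ipsec0=eth0"

conn vpn1
        type=tunnel
        left=208.#.#.#
        right=192.168.1.104

conn vpn2
        type=tunnel
        left=208.#.#.#
        leftsubnet=208.#.#.0/24
        right=192.168.1.104
"""


def parse_conns(text):
    """Return {name: {key: value}} for each conn section, with %default merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        # Only whole-line comments are skipped: the masked addresses contain '#'.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():  # section header, e.g. "conn vpn1"
            kind, name = (raw.split() + [""])[:2]
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in raw:  # indented key=value parameter
            key, _, value = raw.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **params} for name, params in conns.items()}


def selector(conn, side):
    """Subnet behind one end if configured, otherwise that host alone (/32)."""
    subnet = conn.get(side + "subnet")
    return subnet if subnet else conn.get(side, "?") + "/32"


def summarize(text):
    """Map each conn name to its (left, right) traffic selectors."""
    return {name: (selector(c, "left"), selector(c, "right"))
            for name, c in parse_conns(text).items()}


if __name__ == "__main__":
    for name, (left, right) in summarize(SAMPLE_CONF).items():
        print(f"{name}: {left} <-> {right}")
```
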
        




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST