Re: [Users] config question, checkpoint firewall, client behind linux ipmasq

From: Björn Sundberg (bjorn_at_resfeber.se)
Date: Fri Nov 15 2002 - 13:58:47 CET


Hi Michael.

I do not know if you've read the Linux as a VPN Client to FireWall-1
howto, because there are some things you have to set up on the
checkpoint as well. You can find it here:

 http://www.freeswan.ca/code/old/freeswan-1.8/doc/interop.html

I don't know how your administrator did it. But you have to use a shared
secret between your client and the checkpoint and you have to make sure
that the checkpoint uses 3des and md5 for the connection. But most of
the topic is included in the pdf document.

I've read that you probably could make it work with the x509 patch, but
I have never tried it.

Good luck

Cheers

/bjorn

  
On Wed, 2002-11-13 at 05:39, michael verrilli wrote:
>
> I'll break this into a few parts. I am trying to figure out if 1. Freeswan
> will work for my situation, and 2. how to set up the ipsec.conf file.
>
> The Situation
> -------------
>
> I am trying to vpn to the office. They are running a Checkpoint firewall.
> The administrator gave me a username and password, and the ip address of the
> firewall. I was also given a link to download the SecureRemote vpn
> software. However, I run linux at home (gentoo on my workstation), behind a
> linux firewall which does ip-masquerading. No keys were given to me to use.
>
>      HOME           dynamicip             77.77.77.77     WORK
>  -------------    ----------             ------------
>  |Workstation|----|Firewall|---- <ISP> ----|Checkpoint|---[10.x.x.x]
>  -------------    ----------             ------------
>   192.168.0.2     192.168.0.1
>
> My internal network is the 192's... the work internal net is 10's. My
> firewall has an external ip which is dynamic (although I have a dyndns
> account), and for argument's sake, the work external ip is 77.77.77.77. I
> want to access the 10.x.x.x network from my Workstation.
>
> So, I gave this a try, putting these connection settings in:
>
> left=192.168.0.2
> leftsubnet=192.168.0.0/16
> leftnexthop=192.168.0.1
> right=77.77.77.77
> rightsubnet=10.0.0.0/8
>
> I have no idea what to do with my name and password. I also do not know if
> I need to add settings to my firewall.
>
> Anyhow, when I --add and --up the connection, I get the following:
> 104 "test" #1: STATE_MAIN_I1: initiate
> 003 "test" #1: Notify Message Type of ISAKMP Notification Payload has an unknown value: 9101
> 003 "test" #1: malformed payload in packet
>
> I assume I am missing a number of things here... anyone able to give me some
> advice?
>
> Thanks,
>
> Michael
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
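
Where the shared secret mentioned in the reply would go on the FreeS/WAN side, as an added example that is not part of the original thread. It reuses the addresses and the connection name "test" from Michael's post, and the secret is a placeholder that has to match what is configured on the Checkpoint. It covers only the shared-secret part; the 3des/md5 setting is made on the Checkpoint, as the reply says, and the masquerading question is not addressed here.

```conf
# /etc/ipsec.conf (connection section only; addresses as posted in the thread)
conn test
    # authenticate with a pre-shared key instead of RSA keys
    authby=secret
    left=192.168.0.2
    leftsubnet=192.168.0.0/16
    leftnexthop=192.168.0.1
    right=77.77.77.77
    rightsubnet=10.0.0.0/8
    # only load the connection at startup; start it with: ipsec auto --up test
    auto=add

# /etc/ipsec.secrets (keep readable by root only, e.g. mode 600)
# format: <left address> <right address> : PSK "<secret>"
# The value below is a placeholder, not a real secret.
192.168.0.2 77.77.77.77 : PSK "PLACEHOLDER-secret-agreed-with-the-checkpoint-admin"
```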




This archive was generated by hypermail 2.1.5 : Sat Nov 16 2002 - 05:20:41 CET