Andreas Steffen
2010-02-28 12:12:09 UTC
Hi,
as far as I know, the CheckPoint VPN gateway does not support the IKEv2
protocol. Therefore you can't use the strongSwan NetworkManager plugin
to set up a connection.
The CheckPoint VPN gateway most probably will use IKEv1 and XAUTH.
The first thing to find out is whether IKEv1 Main Mode is used
by the CheckPoint box since strongSwan does not support the
potentially insecure IKEv1 Aggressive Mode. If Main Mode is
possible then you can configure strongSwan's IKEv1 pluto daemon
via /etc/ipsec.conf.
Best regards
Andreas
Andreas Steffen andreas.steffen-***@public.gmane.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
as far as I know, the CheckPoint VPN gateway does not support the IKEv2
protocol. Therefore you can't use the strongSwan NetworkManager plugin
to set up a connection.
The CheckPoint VPN gateway most probably will use IKEv1 and XAUTH.
The first thing to find out is whether IKEv1 Main Mode is used
by the CheckPoint box since strongSwan does not support the
potentially insecure IKEv1 Aggressive Mode. If Main Mode is
possible then you can configure strongSwan's IKEv1 pluto daemon
via /etc/ipsec.conf.
Best regards
Andreas
Hi,
I'm looking to use strongSwan to connect to my company CheckPoint
VPN, as I am new to Linux and networking I am really struggling to
get anything working. I have a Actividentity token that generates a
password that authenticates against a RADIUS server, below is a list
I have an IP address for company site Authentication - Challenge
Response NAT-T protocol - enabled Office Mode - enabled Use NAT
traversal tunneling - enabled IKE over TCP - enabled Force UDP
encapsulation - enabled
I have attempted to use the Network Manager GUI to connect but it
fails with "VPN service failed to start", the syslog file contains a
Gateway: Address - IP address of my company site Certificate - None
Client: Authentication - EAP Username - My id I use for my token to
generate password
Options - Request an inner IP address - unchecked Enforce UDP
encapsulation - checked Use IP compression - unchecked
1) Does strongSwan support the protocols/authentication methods I
describe for CheckPoint VPN 2) If yes, then does my setup through
Network Manager look correct 3) If yes, then is it a case of posting
the sys.log errors for someone to kindly look at
I appreciate anyone's help and time with this.
Regards,
Jana
======================================================================I'm looking to use strongSwan to connect to my company CheckPoint
VPN, as I am new to Linux and networking I am really struggling to
get anything working. I have a Actividentity token that generates a
password that authenticates against a RADIUS server, below is a list
I have an IP address for company site Authentication - Challenge
Response NAT-T protocol - enabled Office Mode - enabled Use NAT
traversal tunneling - enabled IKE over TCP - enabled Force UDP
encapsulation - enabled
I have attempted to use the Network Manager GUI to connect but it
fails with "VPN service failed to start", the syslog file contains a
Gateway: Address - IP address of my company site Certificate - None
Client: Authentication - EAP Username - My id I use for my token to
generate password
Options - Request an inner IP address - unchecked Enforce UDP
encapsulation - checked Use IP compression - unchecked
1) Does strongSwan support the protocols/authentication methods I
describe for CheckPoint VPN 2) If yes, then does my setup through
Network Manager look correct 3) If yes, then is it a case of posting
the sys.log errors for someone to kindly look at
I appreciate anyone's help and time with this.
Regards,
Jana
Andreas Steffen andreas.steffen-***@public.gmane.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==