I've recently needed to get connectivity set up to a Checkpoint FW1<br>system, and managed to get the patch for -2.4.0 by Chris Poon to<br>work with -2.4.9 (new patch attached).<br><br>The only wrinkles I encountered were:
<br><br>1/<br>openswan would dump core for some of the packets sent to it<br> from FW1. I simply changed the way xauth.c would log them:<br><br>@@ -2232,8 +2236,8 @@<br> break;<br>
<br> default:<br>- openswan_log("while waiting for XAUTH_STATUS, got %s instead."<br>- , enum_show(&modecfg_attr_names, (attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK)));
<br>+ openswan_log("while waiting for XAUTH_STATUS, got %d instead."<br>+ , attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK);<br> break;<br> }
<br> }<br> I now get log messages of the form:<br> #1: XAUTH: Unsupported attribute: 18<br><br> Is this of concern for vanilla openswan? (i.e. could bad packets from<br> the peer crash an unpatched pluto?)<br>
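Review bot: In the default: case, swapping enum_show(&modecfg_attr_names, ...) for a bare %d only works around the crash at this one log call, and it drops the symbolic name for attribute types that are known. The value being logged, attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK, is taken from the peer's packet, so if the core dump came from the name lookup being handed a value that is not in modecfg_attr_names, the lookup itself should tolerate unknown values and fall back to the number instead of each caller avoiding it. I would suggest fixing it there, or guarding it here and logging the name plus the number when a name exists, and checking any other enum_show call that is passed a peer-supplied attribute type for the same problem.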
<br>2/<br>Office mode isn't supported. Does anyone know where the details<br>of CheckPoint's office mode are documented? (I don't want to have<br>openswan implement it, I'm just curious about what the VPN peer is
<br>sending to me).<br><br>Cheers,<br>Andrew<br>