<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18783"></HEAD>
<BODY bgColor=#ffffff text=#000000>
<DIV dir=ltr align=left><SPAN class=028505120-26082009><FONT size=2
face=Tahoma>I believe I've got it. I have put this information in ipsec.conf and
allowed ICMP from their network.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=028505120-26082009><FONT size=2
face=Tahoma></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=028505120-26082009><FONT size=2 face=Tahoma>
<DIV><SPAN class=028505120-26082009><FONT size=2
face=Tahoma>rc.firewall.local</FONT></SPAN></DIV></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=028505120-26082009><FONT size=2
face=Tahoma># ESP (Protocol 50)<BR>iptables -A INPUT -i eth0 -d $MYNET
-s $THEIRNET -p 50 -j ACCEPT<BR>iptables -A OUTPUT -o eth0 -s $MYNET -d
$THEIRNET -p 50 -j ACCEPT<BR># Company network<BR>iptables -A INPUT
-s $THEIRNET -p icmp -j ACCEPT</FONT></SPAN></DIV>
<DIV><FONT size=2 face=Tahoma></FONT> </DIV>
<DIV><FONT size=2 face=Tahoma>ipsec.conf</FONT></DIV>
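<DIV><SPAN class=028505120-26082009><FONT size=2 face=Tahoma>config
setup<BR>
&nbsp;&nbsp;&nbsp;&nbsp;protostack=netkey<BR>
&nbsp;&nbsp;&nbsp;&nbsp;klipsdebug=none<BR>
&nbsp;&nbsp;&nbsp;&nbsp;plutodebug=none<BR></FONT></SPAN></DIV>
<DIV><SPAN class=028505120-26082009><FONT size=2 face=Tahoma>conn
%default<BR>
&nbsp;&nbsp;&nbsp;&nbsp;keyexchange=ike<BR>
&nbsp;&nbsp;&nbsp;&nbsp;aggrmode=no<BR>
&nbsp;&nbsp;&nbsp;&nbsp;type=tunnel<BR>
&nbsp;&nbsp;&nbsp;&nbsp;pfs=no<BR>
&nbsp;&nbsp;&nbsp;&nbsp;ikelifetime=24h<BR>
&nbsp;&nbsp;&nbsp;&nbsp;keylife=1h<BR>
&nbsp;&nbsp;&nbsp;&nbsp;authby=secret<BR>
&nbsp;&nbsp;&nbsp;&nbsp;auth=esp<BR>
&nbsp;&nbsp;&nbsp;&nbsp;auto=start<BR></FONT></SPAN></DIV>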
<DIV><FONT size=2 face=Tahoma></FONT> </DIV>
<DIV><FONT size=2 face=Tahoma></FONT> </DIV>
<DIV><FONT color=#008000>
<P style="MARGIN: 0cm 0cm 0pt; mso-layout-grid-align: none" class=MsoNormal
align=left><SPAN
style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: PT-BR"><STRONG>Estevão
Arndt</STRONG></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt; mso-layout-grid-align: none"
class=MsoNormal><SPAN
style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: PT-BR"><STRONG>Lockton
Brasil Corretora de Seguros Ltda</STRONG></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt; mso-layout-grid-align: none"
class=MsoNormal><SPAN
style="FONT-FAMILY: Tahoma; COLOR: #818181; FONT-SIZE: 10pt; mso-ansi-language: PT-BR">Tel:
5511.3371.9137 / 55.11.3528.9137</SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt; mso-layout-grid-align: none"
class=MsoNormal><SPAN
style="FONT-FAMILY: Tahoma; COLOR: #818181; FONT-SIZE: 10pt; mso-ansi-language: PT-BR">Mobile:
5511.8415.0925</SPAN></P></FONT></DIV>
<DIV> </DIV><BR>
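<DIV>Added example (not part of the original message, and not ClarkConnect or Openswan code): a small audit of <CODE>iptables -S</CODE>-style rules for the two flows an IPsec gateway needs with its peer, IKE on UDP/500 and ESP. The STATE_MAIN_I1 retransmissions quoted below are what the initiator logs when its first IKE message gets no reply. The addresses, <CODE>PEER</CODE> and all function names are assumptions, and the check ignores rule order, DROP rules and chain policy.</DIV>

```python
import ipaddress
import shlex

PROTO_ALIASES = {"50": "esp", "17": "udp"}
# What an IPsec gateway exchanges with its peer: (label, protocol, UDP port).
NEEDED = [("IKE udp/500", "udp", 500), ("ESP proto 50", "esp", None)]
FLAGS = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}

# Constructed sample: the post's ESP/ICMP rules, documentation addresses as $MYNET/$THEIRNET.
SAMPLE = """\
-A INPUT -i eth0 -d 192.0.2.0/24 -s 198.51.100.0/24 -p 50 -j ACCEPT
-A OUTPUT -o eth0 -s 192.0.2.0/24 -d 198.51.100.0/24 -p 50 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p icmp -j ACCEPT
"""
PEER = "198.51.100.1"  # hypothetical address of the remote VPN gateway

def parse_rule(line):
    """Parse one `iptables -S` style line; returns None for anything but -A rules."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {**dict.fromkeys(FLAGS.values()), "chain": tok[1]}
    for flag, value in zip(tok[2:], tok[3:]):  # negated ("!") matches are not handled
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    if rule["proto"]:
        rule["proto"] = PROTO_ALIASES.get(rule["proto"], rule["proto"].lower())
    return rule

def permits(rule, chain, peer, proto, port):
    """True if this ACCEPT rule passes proto/port traffic from (INPUT) or to (OUTPUT) peer."""
    if rule["chain"] != chain or rule["target"] != "ACCEPT":
        return False
    if rule["proto"] not in (None, "all", proto) or rule["dport"] not in (None, str(port)):
        return False
    net = rule["src"] if chain == "INPUT" else rule["dst"]
    return net is None or ipaddress.ip_address(peer) in ipaddress.ip_network(net, strict=False)

def audit(rules_text, peer):
    """List the 'CHAIN label' combinations that no ACCEPT rule covers."""
    rules = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    return [f"{chain} {label}"
            for chain in ("INPUT", "OUTPUT")
            for label, proto, port in NEEDED
            if not any(permits(r, chain, peer, proto, port) for r in rules)]

if __name__ == "__main__":
    print("no ACCEPT rule for:", audit(SAMPLE, PEER))
```

<DIV>Feed it the output of <CODE>iptables -S</CODE> and the peer gateway's address; ESP and IKE travel between the gateways' own addresses, so that is the address the rules have to match.</DIV>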
<DIV dir=ltr lang=pt-br class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> Nick Howitt [mailto:n1ck.h0w1tt@gmail.com]
<BR><B>Sent:</B> Monday, August 24, 2009 18:00<BR><B>To:</B>
Estevao Arndt<BR><B>Cc:</B> users@openswan.org<BR><B>Subject:</B> Re: [Openswan
Users] VPN - ClarkConnect v5.0 (OpenSwan U2.6.14/K2.6.18-128.2.16.v5) x
CheckPoint Firewall<BR></FONT><BR></DIV>
<DIV></DIV>This looks like you have gone for the standard ClarkConnect unmanaged
VPN setup. Is that correct? If so, it will not work if it is behind a Checkpoint
firewall, or is the CC box one gateway and the Checkpoint firewall the other
VPN/gateway?<BR><BR>If you are asked to upgrade Openswan, see this thread from
the CC forums (especially the second post): <A class=moz-txt-link-freetext
href="http://forums.clarkconnect.com/showthreaded.php?Cat=0&Number=98437&page=0">http://forums.clarkconnect.com/showthreaded.php?Cat=0&Number=98437&page=0</A>.
It tells you how to edit the makefile.inc. You will also need to do the
following (as CC5 now uses yum and not apt):<BR><BR>yum groupinstall
"Development Tools"<BR>yum install xmlto<BR><BR>If you end up setting up
openswan by hand, you will break the GUI interface, but it will
work.<BR><BR>Nick<BR><BR>On 24/08/2009 20:55, Estevao Arndt wrote:
<BLOCKQUOTE
cite=mid:F371A2196BD1F54E8CF3EF8414A3E279016462B7@lckms01.afbrasil.local
type="cite">
<DIV><FONT size=2 face=Tahoma><SPAN
class=414304919-24082009>Hello,</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Tahoma><SPAN class=414304919-24082009>I am trying to do
a VPN between our office and the HeadOffice, but I can not get
connected.</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Tahoma><SPAN
class=414304919-24082009></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Tahoma><SPAN class=414304919-24082009>I have this
message:</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Tahoma><SPAN
class=414304919-24082009>[root@locktonbrasil etc]# ipsec auto --up
hqnetBrasil-satnetBrasil<BR>104 "hqnetBrasil-satnetBrasil" #10: STATE_MAIN_I1:
initiate<BR>010 "hqnetBrasil-satnetBrasil" #10: STATE_MAIN_I1: retransmission;
will wait 20s for response<BR>010 "hqnetBrasil-satnetBrasil" #10:
STATE_MAIN_I1: retransmission; will wait 40s for response<BR>031
"hqnetBrasil-satnetBrasil" #10: max number of retransmissions (2) reached
STATE_MAIN_I1. No response (or no acceptable response) to our first IKE
message<BR>000 "hqnetBrasil-satnetBrasil" #10: starting keying attempt 2 of at
most 3, but releasing whack<BR></SPAN></FONT></DIV>
<DIV><FONT size=2 face=Tahoma><SPAN class=414304919-24082009>See attached my
ipsec.conf and ipsec.Brasil.conf. Can you help me on that?</SPAN></FONT></DIV>
<DIV><SPAN class=414304919-24082009><FONT size=2
face=Tahoma>Regards.</FONT></SPAN></DIV>
<DIV><FONT color=#008000></FONT>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal align=left><SPAN
style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt"><SPAN
class=414304919-24082009><FONT color=#008000>Estevão
Arndt.</FONT></SPAN></SPAN></P></DIV><PRE wrap=""><HR SIZE=4 width="90%">
_______________________________________________
<A class=moz-txt-link-abbreviated href="mailto:Users@openswan.org">Users@openswan.org</A>
<A class=moz-txt-link-freetext href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A>
</PRE></BLOCKQUOTE></BODY></HTML>