[Openswan Users] Checkpoint VPN
Paul Wouters
paul at xelerance.com
Mon Oct 25 22:15:24 CEST 2004
On Mon, 25 Oct 2004, Chris Berry wrote:
> Has anyone managed to connect an openswan to checkpoint vpn tunnel? I'm
> trying it using v1.07 and a partner company who uses Checkpoint 4.1 SP5a.
> Right now we're having trouble in Phase 2 with error messages like "no
> proposal sent" and "received delete sa from peer". I haven't used Checkpoint
> and they haven't used IPCOP so we're both kind of scratching our heads at the
> moment. Here is my config:
>
> conn CBE
>     left=64-60-95-219.cust.telepacific.net
>     leftnexthop=%defaultroute
>     leftsubnet=192.168.1.0/255.255.255.0
>     right=65.118.251.2
>     rightsubnet=206.99.156.150/32
>     rightnexthop=%defaultroute
>     ike=3des-sha-modp768
>     esp=3des-md5
What happens if you do not specify ike= and esp= lines?
Another attempt you can try is esp=3des-sha1-96 and/or
ike=aes128-sha-modp1024,3des-sha-modp1024.
It would help if you know what the other end has configured, so you can
correctly specify the precise phase 1 and phase 2 encryption ciphers and
algorithms.
Paul
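
An added illustration (not part of the original message, and not Openswan code): a simplified model of why one mismatched algorithm produces "no proposal" errors, comparing the ike=/esp= strings from this thread against a peer policy. The peer policy is constructed for the example, since the thread does not say what the Checkpoint side uses; `parse` and `negotiate` are hypothetical helper names.

```python
import re

# Constructed peer policy (assumption; the real Checkpoint settings are unknown).
PEER_IKE = "3des-sha1-modp768,3des-sha1-modp1024"
PEER_ESP = "3des-sha1"

def parse(spec):
    """Split an ike=/esp= value into proposals: cipher, keylen, hash, DH group.
    Assumptions: "sha" means sha1, and a trailing "-96" is the 96-bit HMAC
    truncation, so it does not change which algorithm is proposed."""
    proposals = []
    for item in spec.split(","):
        parts = item.strip().lower().split("-")
        m = re.fullmatch(r"(\d*[a-z]+)(\d*)", parts[0])
        if not m:
            raise ValueError("unrecognised cipher in %r" % item)
        prop = {"cipher": m.group(1), "keylen": m.group(2) or None,
                "hash": None, "group": None}
        for p in parts[1:]:
            if p.startswith("modp"):
                prop["group"] = p
            elif p != "96":
                prop["hash"] = "sha1" if p == "sha" else p
        proposals.append(prop)
    return proposals

def negotiate(ours, theirs):
    """Return (agreed proposal, []) for the first of our proposals the peer
    also lists, or (None, fields differing from the peer's closest proposal)."""
    mine, peer = parse(ours), parse(theirs)
    for prop in mine:
        if prop in peer:  # every field must match exactly
            return prop, []
    first = mine[0]
    best = min(peer, key=lambda q: sum(first[k] != q[k] for k in first))
    return None, [k for k in first if first[k] != best[k]]

if __name__ == "__main__":
    checks = [("ike", "3des-sha-modp768", PEER_IKE),
              ("esp", "3des-md5", PEER_ESP),
              ("esp", "3des-sha1-96", PEER_ESP),
              ("ike", "aes128-sha-modp1024,3des-sha-modp1024", PEER_IKE)]
    for key, ours, theirs in checks:
        agreed, diff = negotiate(ours, theirs)
        print("%s=%s -> %s" % (key, ours,
              "agreed" if agreed else "no proposal chosen, differs on %s" % diff))
```

With this constructed peer policy, phase 1 agrees while esp=3des-md5 fails on the hash alone, which matches the symptom of a tunnel that only breaks in Phase 2.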