[Openswan Users] Checkpoint VPN

Paul Wouters paul at xelerance.com
Mon Oct 25 22:15:24 CEST 2004

On Mon, 25 Oct 2004, Chris Berry wrote:

> Has anyone managed to connect an openswan to checkpoint vpn tunnel?  I'm 
> trying it using v1.07 and a partner company who uses Checkpoint 4.1 SP5a. 
> Right now we're having trouble in Phase 2 with error messages like "no 
> proposal sent" and "recieved delete sa from peer".  I haven't used Checkpoint 
> and they haven't used IPCOP so we're both kind of scratching our heads at the 
> moment.  Here is my config:
> conn CBE
>        left=64-60-95-219.cust.telepacific.net
>        leftnexthop=%defaultroute
>        leftsubnet=
>        right=
>        rightsubnet=
>        rightnexthop=%defaultroute
>        ike=3des-sha-modp768
>        esp=3des-md5

What happens if you do not specify ike= and esp= lines?
Another atempt you can try is esp=3des-sha1-96 and/or

It would help if you know what the other end has configured, so you can
correctly specify the precise phase 1 and phase 2 encryption ciphers and


More information about the Users mailing list