[Openswan Users] CheckPoint Firewall Hybrid Mode
Manuel Mesquita T. F. Gomes
mei04014 at fe.up.pt
Mon Jul 4 17:36:20 CEST 2005
Hi, and thanks again for replying,
the question is that I can't change the firewall configuration and the
guys who can refuse to (I don't know exactly why, but they won't even
tell me the exact configuration of the firewall. All I know, I found out
on Google and using Ethereal on a Checkpoint Client connection. It seems
that they only want people to use Checkpoint's client).
I will look for other alternatives, but I'm thinking that it really
isn't possible... although I was hoping that I could do something with
XAuth, but I'm not sure if Openswan supports it.
Thanks again and kind regards,
Manuel Gomes
On Mon, 2005-07-04 at 16:07 +0200, Michael Schwartzkopff wrote:
> On Monday, 4 July 2005 15:58, mei04014 at fe.up.pt wrote:
> > Hi,
> >
> > Thanks for your reply, but I don't quite understand you...
> >
> > I'm trying to make a tunnel between my Linux box and a Checkpoint Firewall,
> > using hybrid method.
> >
> > The way hybrid method works, as far as I understood it, is:
> > - A phase 1 exchange authenticates the firewall using RSA.
> > - After that, a Transaction Exchange is initiated by the firewall, protected
> >   by the IKE SA negotiated in phase 1, and where the user is authenticated.
> > - Upon successful completion of the exchange, the IKE SA can be used for
> >   other purposes, like Quick mode...
> >
> > What I would like to know, and if possible get an example, is if an
> > Openswan Linux client supports this kind of asymmetric authentication...
> >
> > Manuel Gomes
>
> I don't believe that Linux would support such an authentication scheme. But why
> don't you just install plain PSK authentication with Linux? Let the others
> (Checkpoint SecuRemote, ...) do what they want. Configure a PSK tunnel with
> the Linux firewall (or client). It really works.