[Openswan Users] checkpoint NG AI and Openswan 2.1.2

Ji Hui jhuichd at gmail.com
Mon Mar 14 23:13:07 CET 2005

To be more specific, the tunnel was up but it went down after a while
and ",,,No valid SA...." was logged in Checkpoint.

I found that it was mentioned that "A Linux FreeS/WAN-Checkpoint
connection may close after some time. Try this tip toward a
workaround" in http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/interop.html,
but the link to this tip was not valid any more, which is
Does anyone have any clue on this? Is this applicable to Openswan as well?

Thank you very much.

On Fri, 11 Mar 2005 11:44:37 -0600, Warnes, Jason  SktnHR
<jason.warnes at saskatoonhealthregion.ca> wrote:
> I'm new to the list, but I hope this helps.
>
> I was running into a similar no valid SA problem with my Cisco PIX.  The
> problem I had was that for each subnet that is defined on the PIX side
> of the VPN I needed a corresponding conn definition in my ipsec.conf file.
> I couldn't use a generic conn definition that covered all the subnets with a
> larger mask.  So basically what this did was make separate SAD entries for
> each subnet I was going to on my Linux box.
>
> When your tunnel is up, check to see how many SAD entries you have and
> compare that to how many your Checkpoint is expecting.  There should be a
> way to see that on your Checkpoint.  Then just make sure that all the SPI
> numbers line up to each subnet properly.
>
> Jason...
>
> -----Original Message----- 
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Ji Hui 
> Sent: Friday, March 11, 2005 9:19 AM 
> To: users at openswan.org 
> Subject: [Openswan Users] checkpoint NG AI and Openswan 2.1.2 
>
> Hi,
>
> I was trying to configure site-to-site VPN with my partner who is using
> Checkpoint NG AI R55.
> I could establish the VPN from openswan to NG, but the other direction
> failed. And sometimes, the packets were dropped by NG, complaining no valid
> SA.
>
> Any advice?
>
> Thank you.
> _______________________________________________ 
> Users mailing list 
> Users at openswan.org 
> http://lists.openswan.org/mailman/listinfo/users
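
The check suggested in the quoted reply (one conn per peer-side subnet instead of a single conn with a larger mask), as an added example that is not part of the original thread: a Python sketch that parses ipsec.conf text and reports peer subnets that have no exact-match conn. The addresses, conn names, sample config and the choice of `rightsubnet` as the peer side are constructed assumptions; `also=` and `conn %default` inheritance are not resolved.

```python
import ipaddress

# Constructed sample ipsec.conf: one exact-match conn and one "generic" conn
# whose larger mask covers several peer subnets (placeholder addresses).
SAMPLE_CONF = """\
conn to-peer-net1
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=172.16.1.0/24

conn to-peer-generic
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=172.16.0.0/16
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text, peer_subnets, side="rightsubnet"):
    """Classify each peer subnet as 'exact', 'covered-only' or 'missing'."""
    conns = parse_conns(text).values()
    defined = [ipaddress.ip_network(c[side]) for c in conns if side in c]
    result = {}
    for s in peer_subnets:
        net = ipaddress.ip_network(s)
        if net in defined:
            result[s] = "exact"
        elif any(net.subnet_of(d) for d in defined):
            result[s] = "covered-only"   # the larger-mask case from the reply
        else:
            result[s] = "missing"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["172.16.1.0/24", "172.16.2.0/24", "172.17.0.0/24"]))
```

Subnets reported as `covered-only` or `missing` are the ones that, following the reply's advice, would each need their own conn definition.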
