[Openswan Users] Openswan <-> checkpoint VPN

Paul Wouters paul at xelerance.com
Fri Oct 21 23:46:36 CEST 2005


On Fri, 21 Oct 2005, Saulo Silva wrote:

> I create a VPN from openswan to Checkpoint .
>
> So the tunnel from openswan to checkpoint is working fine . I can ping
> other subnets , connect to server and all .
> But the tunnel from checkpoint to openswan is not working . I can ping
> or connect  .
>
> All firewall rules are ACCEPT .

Likely the checkpoint device and the openswan configuration do not match.

Unfortunately, checkpoint will agree to just about everything, telling
Openswan the IPsec SA is up for use, and then siliently drop anything it
deems not complying to its policy.

This makes tracing the error on the openswan side next to impossible.
There is nothing we can do about it. Don't use checkpoint.

Paul


More information about the Users mailing list