[Openswan Users] Connecting to CheckPoint VPN

Paul Wouters paul at xelerance.com
Sun Feb 26 18:02:58 CET 2006


On Sun, 26 Feb 2006, Noam Meltzer wrote:

> Hi,
> Did any one here succeeded connecting from Linux using openswan to a
> checkpoint vpn?
> If you did, or know how it can be achieved, can you please direct me
> to a good howto for doing that?
>
> The server is:
>      Check Point VPN-1(TM) & FireWall-1  NGX (R60) - Build
> The authentication method is using a username + a dynamic password
> which I generate using a key holder ( then I manually type it to the
> computer).

Openswan does not support secureid type authentication. You might want
to have a look at the opensclient project:

http://opensclient.pbwiki.com/AboutProject

  OpenSClient is an effort to connect to CheckPoint VPN-1 & Firewall-1
  through a VPN tunnel in SecureClient mode using opensource software
  namely OpenSwan.

  Precisely speaking it's about implementing ChekPoint HybridAuthentication
  mode support in OpenSwan allowing for Username/Password (or two factor,
  like SecureID) authenticated VPNs among CP and Linux.

You will need to patch openswan with:

	 http://emsi.it.pl/auto/openswan-2.4.0-SecureClient.diff

Since this patch breaks other functionality of Openswan, it is not part
of the openswan code itself.

Paul


More information about the Users mailing list