[Openswan Users] Checkpoint - OpenSwan connection dropping

Mike.Peters at opengi.co.uk
Mon Jan 8 05:13:12 EST 2007


Hi,

I currently have a Checkpoint <-> OpenS/WAN connection. It works fine
for a while, in both directions, however the connection drops fairly
frequently and I cannot re-initiate the connection from the OpenSwan end
of the connection - the connection re-establishes if I ping from the
Checkpoint network to the OpenSwan network.

I found this on the FreeSwan interop page:

"A Linux FreeS/WAN-Checkpoint connection may close after some time. Try
this tip toward a workaround."

Unfortunately, "this tip" links to
http://lists.freeswan.org/archives/users/2003-October/msg00293.html
however, I get a 404 Not Found at that address.

Does anyone have any ideas what the workaround may be (or any other
ideas)?

The set up is as per
http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-Gateway.html

My ipsec.conf is as follows:

# basic configuration
config setup
  crlcheckinterval=600
  strictcrlpolicy=no
  interfaces=%defaultroute
  nat_traversal=yes
  uniqueids=yes
  virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
  keyingtries=3
  compress=no
  disablearrivalcheck=no
  authby=rsasig
  leftrsasigkey=%cert
  rightrsasigkey=%cert
  ikelifetime=3600s
  keylife=20m
  left=%defaultroute

conn net-openswan-net
  type=transport
  keyexchange=ike
  ikelifetime=3h
  keylife=1h
  disablearrivalcheck=no
  authby=secret
  left=%defaultroute
  esp=aes128,3des
  auto=start
  right=aaa.bbb.ccc.42

conn checkpoint-openswan
  type=tunnel
  keyexchange=ike
  ikelifetime=3h
  keylife=1h
  disablearrivalcheck=no
  authby=secret
  left=%defaultroute
  esp=aes128,3des
  auto=start
  right=aaa.bbb.ccc.42
  rightsubnet=192.168.0.0/24
  leftsubnet=10.0.0.0/8

Thanks

Mike Peters
Linux System and Website Administrator
Open G I Limited 
www.opengi.co.uk