[Openswan Users] Having trouble connecting to Checkpoint VPN.

Michael Capozzi mcapozzi at rochgrp.com
Wed Apr 2 13:35:18 EDT 2008


I am having trouble connecting an Ubuntu 7.10 laptop using the current
Ubuntu version of openswan to a Checkpoint VPN-1.

I have followed the steps located here:
http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html

Here is the (IPs and FQDNs renamed) contents of my ipsec.conf file:

version 2.0

config setup
        interfaces=%defaultroute
        plutodebug="control"

conn TRG
        right=%defaultroute
        rightrsasigkey=%cert
        #rightid="/O=FQDNofCA.aaqg3f/OU=users/CN=Username"
        rightcert=freeswan-cert.pem
        left=IPofGateway
        leftsubnet=192.168.2.0/24
        leftcert=firewall.pem
        leftrsasigkey=%cert
        leftid=IPofGateway
        #leftid="O=FQDNofCA.aaqg3f, CN=FQDNofGateway VPN Certificate"
        #leftid="/O=FQDNofCA.aaqg3f/CN=FQDNofGateway VPN Certificate"
        type=tunnel
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        auth=esp
        keyexchange=ike
        auto=add
        pfs=no

When I try to bring up the tunnel I get the following:
root@ubuntu-vpn-test:/etc/ipsec.d/certs# ipsec auto --up TRG
104 "TRG" #1: STATE_MAIN_I1: initiate
106 "TRG" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "TRG" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "TRG" #1: we require peer to have ID 'O=FQDNofCA.aaqg3f, CN=FQDNofGateway VPN Certificate', but peer declares 'IPofGateway'
218 "TRG" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION

As you can tell from the config file, I have tried setting the leftid to
what it appears to be asking for but I still cannot connect.  From the
Checkpoint side, it looks like a successful login.

Any help would be greatly appreciated.

Thanks,
Mike Capozzi
Network Administrator
The Rochester Group, Inc.
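
The following is an added example, not part of the original post: a small diagnostic that pulls the required and declared peer IDs out of pluto output like the one quoted above and reports what kind of ID each one is. The function names are hypothetical, the ID classification is a heuristic, and 192.0.2.1 is a constructed stand-in for the post's `IPofGateway` placeholder.

```python
import ipaddress
import re

# Constructed sample: the pluto output from the post, keeping the mail
# client's line wrap inside the 003 message. 192.0.2.1 is a documentation
# address standing in for the redacted 'IPofGateway'.
SAMPLE = """\
104 "TRG" #1: STATE_MAIN_I1: initiate
106 "TRG" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "TRG" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "TRG" #1: we require peer to have ID 'O=FQDNofCA.aaqg3f,
CN=FQDNofGateway VPN Certificate', but peer declares '192.0.2.1'
218 "TRG" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
"""

MISMATCH = re.compile(
    r'^\d{3} "(?P<conn>[^"]+)" #\d+: we require peer to have ID '
    r"'(?P<required>[^']*)', but peer declares '(?P<declared>[^']*)'",
    re.M)

def unwrap(text):
    """Rejoin wrapped lines: a new message starts with a 3-digit code and a quote."""
    out = []
    for line in text.splitlines():
        if re.match(r'\d{3} "', line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return "\n".join(out)

def id_kind(value):
    """Heuristic: classify an ID string as 'ip', 'dn', 'fqdn' or 'other'."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.search(r"(^|[,/]\s*)[A-Za-z]+=", value):  # RDNs such as O=..., CN=...
        return "dn"
    return "fqdn" if value.startswith("@") else "other"

def find_id_mismatches(text):
    """Return one dict per ID mismatch reported in the pluto output."""
    found = []
    for m in MISMATCH.finditer(unwrap(text)):
        req, dec = id_kind(m["required"]), id_kind(m["declared"])
        found.append({**m.groupdict(), "required_kind": req,
                      "declared_kind": dec, "same_kind": req == dec})
    return found
```

On the sample, the result shows that the local side requires a distinguished name while the gateway identifies itself with an IP address, so the two IDs differ in type and not only in value.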

