[Openswan Users] Connecting to Checkpoint VPN-1

Kerese Péter pkerese at ww55.hu
Thu Apr 2 14:11:42 EDT 2009


Hi Eugene,

Openswan works with Checkpoint; just use the same IKE and ESP settings as
on the Checkpoint.

For me the following used to work:

conn Eugene_succeeds
    left=your_openswan_side
    leftsubnet=openswan_local_subnet
    ike=aes256-sha1
    esp=aes128-md5
    right=checkpoint_ip
    rightsubnet=subnet_behind_checkpoint
    auto=start
    authby=secret
    aggrmode=no
    ikelifetime=1440
    keylife=3600
    pfs=no

Use ipsec auto --add and ipsec auto --up to establish the connection and
watch the logs. If you cannot figure out what is wrong, you can
increase the debug level with ipsec whack for the specified tunnel only, or
just simply look for the word 'known', since Checkpoint likes to offer
different netmasks and Openswan selects the connection based on the
proposal.

Good luck !
-- 
Peter

On Thu, 02 Apr 2009 21:26:42 +0400, Eugene Kotlyarov
<e.kotlyarov at gmail.com>
wrote:
> Hi
> 
> I wonder if anyone actually successfully connected to Checkpoint VPN-1?
> 
> I used these instructions for configuration
> 
> http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-Gateway.html
> 
> but they are quite outdated and didn't work for me anyway.
> Should openswan work with Checkpoint or are they using some kind of 
> proprietary protocol?
> 
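
The log check described in the message above (looking for the word 'known'), as an added example that is not part of the original post: it lists the subnet pairs the peer proposed and pluto rejected, next to the configured ones. The log line layout (`... no connection is known for local_net===ip...ip===remote_net`) is an assumption about pluto's message; the sample lines, addresses and function names are constructed.

```shell
#!/bin/sh
# Constructed sample pluto log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Apr  2 14:00:01 gw pluto[2211]: "Eugene_succeeds" #1: ISAKMP SA established
Apr  2 14:00:02 gw pluto[2211]: "Eugene_succeeds" #1: cannot respond to IPsec SA request because no connection is known for 10.1.0.0/16===192.0.2.1...198.51.100.7===172.16.0.0/16
Apr  2 14:00:09 gw pluto[2211]: "Eugene_succeeds" #1: cannot respond to IPsec SA request because no connection is known for 10.1.0.0/16===192.0.2.1...198.51.100.7===172.16.0.0/16
Apr  2 14:00:15 gw pluto[2211]: "Eugene_succeeds" #1: cannot respond to IPsec SA request because no connection is known for 10.1.2.0/24===192.0.2.1...198.51.100.7===172.16.5.0/24
EOF
}

# Read log text on stdin; print each distinct "local_subnet remote_subnet"
# pair that the peer proposed and pluto could not match to a conn.
rejected_proposals() {
    awk '
    /no connection is known for/ {
        n = split($NF, part, "===")      # local_net===ip...ip===remote_net
        if (n < 3) next                  # skip lines without a subnet on both sides
        pair = part[1] " " part[n]
        if (!(pair in seen)) { seen[pair] = 1; print pair }
    }'
}

# Compare rejected proposals with the conn section's subnets.
# $1 = leftsubnet, $2 = rightsubnet. Prints one line per rejected pair,
# naming the side(s) that differ; returns 1 if anything was rejected.
check_proposals() {
    rejected_proposals | awk -v l="$1" -v r="$2" '
    {
        side = ""
        if ($1 != l) side = "leftsubnet"
        if ($2 != r) side = (side == "" ? "rightsubnet" : side "+rightsubnet")
        if (side == "") side = "none (check other conn settings)"
        printf "proposed %s <-> %s, configured %s <-> %s, differs: %s\n", $1, $2, l, r, side
        bad = 1
    }
    END { exit bad + 0 }'
}
```

Pipe the file where syslog stores pluto messages into `check_proposals` with the subnets from the conn section; each output line shows a netmask the Checkpoint offered that no conn covers.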

