[Openswan Users] RES: VPN - ClarkConnect v5.0 (OpenSwan U2.6.14/K2.6.18-128.2.16.v5) x CheckPoint Firewall
earndt at br.lockton.com
Wed Aug 26 16:56:43 EDT 2009
I believe I´ve got it. I have put this information on ipsec.conf and let ICMP from their network.
# ESP (Protocolo 50)
iptables -A INPUT -i eth0 -d $MYNET -s $THEIRNET -p 50 -j ACCEPT
iptables -A OUTPUT -o eth0 -s $MYNET -d $THEIRNET -p 50 -j ACCEPT
# Company network
iptables -A INPUT -s $THEIRNET -p icmp -j ACCEPT
Lockton Brasil Corretora de Seguros Ltda
Tel: 5511.3371.9137 / 55.11.3528.9137
De: Nick Howitt [mailto:n1ck.h0w1tt at gmail.com]
Enviada em: segunda-feira, 24 de agosto de 2009 18:00
Para: Estevao Arndt
Cc: users at openswan.org
Assunto: Re: [Openswan Users] VPN - ClarkConnect v5.0 (OpenSwan U2.6.14/K2.6.18-128.2.16.v5) x CheckPoint Firewall
This looks like you have gone for the standard ClarkConnect unmanaged VPN setup. Is that correct? If so, it will not work if it is behind a checkpoint firewall, or is the CC box one gateway and the Checkpoint firewall the othr VPN/gateway?
If you are asked to upgrade Openswan, see this thread from the CC forums (especially the second post): http://forums.clarkconnect.com/showthreaded.php?Cat=0&Number=98437&page=0. It tells you how to edit the makefile.inc. You will also need to do the following (as CC5 now uses yum and not apt):
yum groupinstall "Development Tools"
yum install xmlto
If you end up setting up openswan by hand, you will break the GUI interface, but it will work.
On 24/08/2009 20:55, Estevao Arndt wrote:
I am trying to do a VPN between our office and the HeadOffice, but I can not get connected.
I have this message:
[root at locktonbrasil etc]# ipsec auto --up hqnetBrasil-satnetBrasil
104 "hqnetBrasil-satnetBrasil" #10: STATE_MAIN_I1: initiate
010 "hqnetBrasil-satnetBrasil" #10: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "hqnetBrasil-satnetBrasil" #10: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "hqnetBrasil-satnetBrasil" #10: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
000 "hqnetBrasil-satnetBrasil" #10: starting keying attempt 2 of at most 3, but releasing whack
See attached my ipsec.conf and ipsec.Brasil.conf. Can you help me on that?
Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users