[Openswan Users] Help with Checkpoint VPN configuration

Paul Wouters paul at xelerance.com
Thu Jul 28 10:39:50 EDT 2011


On Thu, 28 Jul 2011, victorjabur at gmail.com wrote:

> I'm trying to configure openswan on my Linux Ubuntu 11.04 x64 machine to access the VPN Windows Checkpoint.
> 
> I already installed openswan and the question is how to configure it correctly.
> 
> 1) This is my /etc/ipsec.conf
> 
> config setup
>     interfaces="ipsec0=ppp0"
>     klipsdebug=none
>     plutodebug=none
>     manualstart=
>     plutoload=

Specify interfaces="%defaultroute" and protostack=. The ipsec0 interface is only available
with protostack=klips, not with protostack=netkey (the default kernel only supports netkey).

> conn company
>     type=tunnel
>         left=%defaultroute
>     leftid=@groupcompany   
>     leftxauthclient=yes
>     right=999.999.999.999
>     rightxauthserver=yes
>     keyexchange=ike
>     auth=esp
>     pfs=no
> 
> 
> conn company_1
>          left=%defaultroute
>          leftid=@groupcompany
>          leftxauthclient=yes
>          right=999.999.999.999                  # IP of VPN Server
>          rightxauthserver=yes
>          authby=secret
>          auto=add
>

> 2) This is my /etc/ipsec.secrets
> 
>   @groupcompany    999.999.999.999 : PSK "ab927263cc4654645f334"

If that is your production secret, please change it as you just posted it to everyone!!

> The only information that I have to connect to the VPN Server is:
> IP: 999.999.999.999
> Username: myuser
> Password: MyPass

Try using leftxauthuser= and add the passwd in ipsec.secrets:

@myuser : XAUTH "MyPass"

> Is there any way to detect the problem? Would you help me to make the correct configurations?

Check /var/log/secure or /var/log/auth*

Paul
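
As an added example (not part of the original message and not Openswan code), the two configuration points in the reply above can be checked mechanically before loading a connection. The function names `parse_ipsec_conf` and `lint` are hypothetical, the sample is constructed from the settings quoted in the thread, and an unset protostack is treated as "not klips" by assumption.

```python
import re

# Constructed sample: the poster's settings, trimmed to the relevant lines.
SAMPLE = '''\
config setup
    interfaces="ipsec0=ppp0"
    plutodebug=none

conn company_1
    left=%defaultroute
    leftxauthclient=yes
    right=999.999.999.999   # IP of VPN Server (placeholder from the thread)
    authby=secret
'''

def parse_ipsec_conf(text):
    """Return {section header: {key: value}} for 'config setup' and 'conn X'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header starts in column 0
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint(text):
    """Flag the two issues raised in the reply above."""
    sections = parse_ipsec_conf(text)
    findings = []
    setup = sections.get("config setup", {})
    # ipsecN virtual interfaces exist only under the KLIPS stack.
    # Assumption: a missing protostack= is treated as "not klips".
    if re.search(r"\bipsec\d+=", setup.get("interfaces", "")) \
            and setup.get("protostack") != "klips":
        findings.append("config setup: interfaces maps an ipsecN device but "
                        "protostack is not klips; use interfaces=%defaultroute")
    for name, opts in sections.items():
        if name.startswith("conn ") and opts.get("leftxauthclient") == "yes" \
                and "leftxauthuser" not in opts:
            findings.append(f"{name}: leftxauthclient=yes without leftxauthuser=")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```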