[Openswan Users] VPN connect to Checkpoint from openswan

Patrick Naubert patrickn at xelerance.com
Mon Sep 17 07:47:45 EDT 2012


Saved from the Spam bucket.  Please remember to register to the mailing list before posting to it.

> From: Matteo Manzinello <matteo at manzinello.it>
> Subject: VPN connect to Checkpoint from openswan
> Date: 17 September, 2012 5:52:43 AM EDT
> To: "users at lists.openswan.org" <users at lists.openswan.org>
> Reply-To: Matteo Manzinello <matteo at manzinello.it>
> 
> 
> Hi all,
> I have a "Check Point Endpoint Security" R80.10 in Windows 7 and connect with pubblic IP in VPN with username/password. Is it possible create the same VPN connections in Linux environment? 
> I installed openswan on Linux Debian but this configuration (ipsec.conf) does not connect because it can not comunicate with port 500 ESP:
> -------------------------------------------------------------------------------------------------------------
> # ipsec.conf - strongSwan IPsec configuration file
> config setup
>     plutostart=yes
>     nat_traversal=yes
>     plutodebug=all
> 
> # Add connections here.
> 
> conn remoto
>         type=tunnel
>         keyexchange=ike
>         auth=esp
>         pfs=no
>         authby=secret
>         keyingtries=0
>         forceencaps=yes
>         compress=no
>         auto=start
>         #FASE 1
>         ike=3des-sha1-modp1024
>         ikelifetime=86400s
>         #FASE 2
>         esp=3des-sha1
>         keylife=3600s
>         #Node my
>         leftsourceip=%modeconfig
>         #NODE checkpoint
>         right=XXX.XXX.XXX.XXX
> 
> # include /var/lib/strongswan/ipsec.conf.inc
> ------------------------------------------------------------------------------------------------------------- 
> This is ipsec error message:
> 
> giving up after 5 retransmits
> peer not responding, trying again (2/0)
> initiating IKE_SA remoto[1] to XXX.XXX.XXX.XXX
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from %any to XXX.XXX.XXX.XXX[500]
> retransmit 1 of request with message ID 0
> sending packet: from %any to XXX.XXX.XXX.XXX[500]
> retransmit 2 of request with message ID 0
> sending packet: from %any to XXX.XXX.XXX.XXX[500]
> 
> I have a proxy and has been set with variable http_proxy.
> please, can someone help me
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120917/9ca8b791/attachment.html>


More information about the Users mailing list