[Openswan Users] VPN connect to Checkpoint from openswan

Matteo Manzinello mmanzinello at yahoo.it
Mon Sep 17 08:46:42 EDT 2012


Hi all,

I have a "Check Point Endpoint Security" R80.10 in Windows 7 and connect with pubblic IP in VPN with username/password. Is it possible create the same VPN connections in Linux environment? 
I installed openswan on Linux Debian but this configuration (ipsec.conf) does not connect because it can not comunicate with port 500 ESP:
-------------------------------------------------------------------------------------------------------------

# ipsec.conf - strongSwan IPsec configuration file
config setup
    plutostart=yes
    nat_traversal=yes
    plutodebug=all

# Add connections here.

conn remoto
        type=tunnel
        keyexchange=ike
        auth=esp
        pfs=no
        authby=secret
        keyingtries=0
        forceencaps=yes
        compress=no
        auto=start
        #FASE 1
        ike=3des-sha1-modp1024
        ikelifetime=86400s
        #FASE 2
        esp=3des-sha1
        keylife=3600s
        #Node my
        leftsourceip=%modeconfig
        #NODE checkpoint
        right=XXX.XXX.XXX.XXX

# include /var/lib/strongswan/ipsec.conf.inc
------------------------------------------------------------------------------------------------------------- 

This is ipsec error message:

giving up after 5 retransmits
peer not responding, trying again (2/0)
initiating IKE_SA remoto[1] to XXX.XXX.XXX.XXX
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from %any to XXX.XXX.XXX.XXX[500]
retransmit 1 of request with message ID 0
sending packet: from %any to XXX.XXX.XXX.XXX[500]
retransmit 2 of request with message ID 0
sending packet: from %any to XXX.XXX.XXX.XXX[500]

I have a proxy and has been set with variable http_proxy.
please, can someone help me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120917/43647d68/attachment.html>


More information about the Users mailing list