All,
According to these release notes...
Regards,
-Randy Galbraith
This is true. You won't be able to find a vpn client from Check Point that runs on a recent kernel. That's a pity indeed.
I've not tried an opensource IPSEC client against a Check Point firewall but if it should work you'll probably run into problems when you're behind a NAT device.
Br. Robby
Am Fri, 01 Jun 2007 14:23:20 +0000 schrieb Robby Cauwerts:
Hi,
vpnc works well and openswan either, even with nat traversal.
Robby, Burkhard,
Thanks for the reply. With Dell[1] now shipping Ubuntu Linux based systems, perhaps CheckPoint will be motivated to update their client. In any regards, I will give vpnc[2] and openswan[3] a try (as soon our network guys setup my access ;) ) and report back my results here. I will be doing NAT with a Netgear RangeMax router via a cox.net connection -- so wish me success :).
Regards,
-Randy Galbraith [1]
That's good news indeed. Just verify that you're not using a subnet at home that is also used in the encryption domain of your firewall. Even if vpnc/openswan supports NAT-T against CP I can't find any info that they also support office mode.
Br. Robby
Am Fri, 01 Jun 2007 10:31:08 -0700 schrieb Robby Cauwerts:
What do you mean with office mode? I suggest all your traffic goes via VPN? Obviously I got every VPN with linux and with OpenBSD either for now and I bet this one too.
Am Fri, 01 Jun 2007 16:28:11 +0000 schrieb RandyG271:
You bet we get that working.
I have been using vpnc to good effect.
maybe you could give a little advise then? as far as i've used vpn access to checkpoint (using Checkpoint's client on windows) i was using a certificate to connect with. the vpnc config example only shows up a shared secret option and i don't have a clue how to enter this kind of access to Checkpoint VPN-1 (there is no option to set shared secret on Checkpoint using the "Remote Access" object which is needed for (you won't believe it ;-) client access from remote...but i may be just blind)
BR Thomas
You have to enable FW-1 User Name and Password (or whatever it is called) on the firewall object in the remote access authentication section. Then you have to go to the user's object and enter their password there.
Ray
thx for the answer but entering the logon credentials wasn't my problem, i've got it almost immediately. i didn't find the settings for entering a shared secret (searched for it everywhere except the ike settings of the user itself where it has to be of course *sigh*).
at the moment i'm getting "isakmp_n_invalid_cookie(4)" from vpnc and "unsupported exchange type" from checkpoint (got the very same message before entering the shared secret on checkpoint so this has to be an other problem).
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.