04-30-2008, 08:01 AM
"Paul Sobey"

Linux box -> Checkpoint Firewall

Hello All,

Does anybody know if it's possible to set up a vpn from a Gentoo machine
to a Checkpoint firewall? With pre shared keys it seems easy enough but I
need to connect using xauth and RSA tokens. Has anybody attempted such a
connection?

Cheers,
Paul


--
gentoo-user@lists.gentoo.org mailing list
 
04-30-2008, 09:38 AM
Hamish

Linux box -> Checkpoint Firewall

On Wednesday 30 April 2008 09:01:11 Paul Sobey wrote:
> Does anybody know if it's possible to set up a vpn from a Gentoo machine
> to a Checkpoint firewall? With pre shared keys it seems easy enough but I
> need to connect using xauth and RSA tokens. Has anybody attempted such a
> connection?

Good question... I've looked in the past, but never found enough time to try &
figure that one out... There is almost no information around on doing it
though (at least that I've ever managed to find).

I have a user here who does use Gentoo & kvpn to a Cisco concentrator. So it
SHOULD work almost the same.

On the Checkpoint firewall, are you using standard IPSec tunnels
(Firewall-Firewall type) or trying to use Checkpoint's remote client configs?
(Which normally use a Checkpoint client on a Windows PC).

H


 
04-30-2008, 10:06 AM
"Paul Sobey"

Linux box -> Checkpoint Firewall

> Good question... I've looked in the past, but never found enough time to
> try & figure that one out... There is almost no information around on
> doing it though (at least that I've ever managed to find).
>
> I have a user here who does use Gentoo & kvpn to a Cisco concentrator. So
> it SHOULD work almost the same.
>
> On the Checkpoint firewall, are you using standard IPSec tunnels
> (Firewall-Firewall type) or trying to use Checkpoint's remote client
> configs? (Which normally use a Checkpoint client on a Windows PC).

I'm trying to do 'remote client configs'. As I understand it, there isn't
a lot of difference between static and dynamic vpns from the devices'
point of view, both types use ipsec, possibly tunnelled inside udp to
sneak past nat devices. When I used to configure Cisco Pix's for this a
few years ago it didn't distinguish between static and dynamic endpoint
vpns, they were part of the same crypto map set bound to an interface.

The difficulty is getting xauth in there - straight pre shared keys or
cert exchange seem like they will work ok (not tested!). The nice firewall
admins at my new office have offered to do a static vpn to my home ip
range with pre shared keys, but I'd like to see if I can get the dynamic
variant working, since we have a few Linux users with laptops who would
find it useful to roam.

I'll report back if I find anything useful.

P.
