| 1 |
On Tue, 19 May 2009 22:08:10 +0100 |
| 2 |
Mick <michaelkintzios@×××××.com> wrote: |
| 3 |
|
| 4 |
> On Tuesday 19 May 2009, Michael Higgins wrote: |
| 5 |
> > On Tue, 19 May 2009 13:57:21 -0500 |
| 6 |
> > |
| 7 |
> > Paul Hartman <paul.hartman+gentoo@×××××.com> wrote: |
| 8 |
> > > Based on a brief googling I didn't see anyone who has a working |
| 9 |
> > > connection to a Checkpoint VPN. |
| 10 |
> > |
| 11 |
> > Thanks, Paul. I've already the "solution", as I'm not so much |
| 12 |
> > trying to get something accomplished (access machines "inside" |
| 13 |
> > which I can do just fine with SSH tunnel), as to figure out why we |
| 14 |
> > have these various, related, open source software packages |
| 15 |
> > available but no basic client-to-corporate "real-world" |
| 16 |
> > implementations specifically outlined for the Gentoo community -- |
| 17 |
> > that I can find. :( |
| 18 |
|
| 19 |
[...] |
| 20 |
|
| 21 |
> > Or, should I instead, just go outside and play? I thought someone |
| 22 |
> > else here had hoped to make something like this work... ;-) |
| 23 |
> |
| 24 |
> I very much share your frustration. On and off (OK, mostly off) I |
| 25 |
> have been trying to get a VPN connection to my router going, and have |
| 26 |
> tried vnpc, kvpn and racoon all of which failed. Meanwhile, a friend |
| 27 |
> tried the shrew VPN client and succeeded after a couple of hours of |
| 28 |
> tweaking his Vista box! Arrrgh! |
| 29 |
|
| 30 |
Yeah, I have no problem to get to "working", with XP on VMWare. |
| 31 |
|
| 32 |
Naturally, I haven't given up. Seems like it's nearly there... also, there are some examples and docs installed. |
| 33 |
|
| 34 |
> |
| 35 |
> I assume that I have all the right components installed (judging from |
| 36 |
> the wiki pages) |
| 37 |
|
| 38 |
Wiki pages? Hmm. Which ones? |
| 39 |
|
| 40 |
> but I am not sure about my configuration. Unlike |
| 41 |
> your set up which seems to be almost there, mine won't even complete |
| 42 |
> stage 1 handshake. Very, very, very frustrating ... |
| 43 |
|
| 44 |
Well, racoon now claims it has started the connexion. It could have been as trivial as a trailing ' ' on my pre-shared secret. Or not... |
| 45 |
|
| 46 |
Either way, it's still not working... just a bit closer. |
| 47 |
|
| 48 |
racoonctl vc pub.vpn.ip.add |
| 49 |
VPN connexion established |
| 50 |
|
| 51 |
And still nothing useful happens. |
| 52 |
|
| 53 |
ping -c 1 192.168.243.140 |
| 54 |
PING 192.168.243.140 (192.168.243.140) 56(84) bytes of data. |
| 55 |
|
| 56 |
--- 192.168.243.140 ping statistics --- |
| 57 |
1 packets transmitted, 0 received, 100% packet loss, time 0ms |
| 58 |
|
| 59 |
And tons of debug info. Well, it's more than I had, but less than useful. |
| 60 |
|
| 61 |
> |
| 62 |
> Sorry that I can't be of much help with this. :( |
| 63 |
|
| 64 |
No worries. |
| 65 |
|
| 66 |
It seems like this really *should* be possible, though. I'll try to post my findings if I get it working. |
| 67 |
|
| 68 |
DEBUG: pfkey UPDATE succeeded: ESP/Tunnel pub.vpn.ip.add[0]->192.168.1.100[0] spi=53896550(0x3366566) |
| 69 |
May 19 16:00:21 lappy racoon: INFO: IPsec-SA established: ESP/Tunnel 198.145.243.130[0]->192.168.1.100[0] spi=53896550(0x3366566) |
| 70 |
May 19 16:00:21 lappy racoon: phase2(quick): 0.337284 |
| 71 |
May 19 16:00:21 lappy racoon: DEBUG: === |
| 72 |
May 19 16:00:21 lappy racoon: DEBUG: pk_recv: retry[0] recv() |
| 73 |
May 19 16:00:21 lappy racoon: DEBUG: get pfkey ADD message |
| 74 |
|
| 75 |
May 19 16:00:21 lappy racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.100[4500]->pub.vpn.ip.add[4500] spi=1021286747(0x3cdf995b) |
| 76 |
|
| 77 |
Not much showing for the failure to communicate, though. :( |
| 78 |
|
| 79 |
Cheers, |
| 80 |
|
| 81 |
-- |
| 82 |
|\ /| | | ~ ~ |
| 83 |
| \/ | |---| `|` ? |
| 84 |
| |ichael | |iggins \^ / |
| 85 |
michael.higgins[at]evolone[dot]org |
Archives