On Tue, 19 May 2009 22:08:10 +0100
Mick <michaelkintzios@×××××.com> wrote:

> On Tuesday 19 May 2009, Michael Higgins wrote:
> > On Tue, 19 May 2009 13:57:21 -0500
> >
> > Paul Hartman <paul.hartman+gentoo@×××××.com> wrote:
> > > Based on a brief googling I didn't see anyone who has a working
> > > connection to a Checkpoint VPN.
> >
> > Thanks, Paul. I've already the "solution", as I'm not so much
> > trying to get something accomplished (access machines "inside"
> > which I can do just fine with SSH tunnel), as to figure out why we
> > have these various, related, open source software packages
> > available but no basic client-to-corporate "real-world"
> > implementations specifically outlined for the Gentoo community --
> > that I can find. :(

[...]

> > Or, should I instead, just go outside and play? I thought someone
> > else here had hoped to make something like this work... ;-)
>
> I very much share your frustration. On and off (OK, mostly off) I
> have been trying to get a VPN connection to my router going, and have
> tried vpnc, kvpn and racoon all of which failed. Meanwhile, a friend
> tried the shrew VPN client and succeeded after a couple of hours of
> tweaking his Vista box! Arrrgh!

Yeah, I have no problem to get to "working", with XP on VMWare.

Naturally, I haven't given up. Seems like it's nearly there... also, there are some examples and docs installed.

>
> I assume that I have all the right components installed (judging from
> the wiki pages)

Wiki pages? Hmm. Which ones?

> but I am not sure about my configuration. Unlike
> your set up which seems to be almost there, mine won't even complete
> stage 1 handshake. Very, very, very frustrating ...

Well, racoon now claims it has started the connexion. It could have been as trivial as a trailing ' ' on my pre-shared secret. Or not...

Either way, it's still not working... just a bit closer.

racoonctl vc pub.vpn.ip.add
VPN connexion established

And still nothing useful happens.

ping -c 1 192.168.243.140
PING 192.168.243.140 (192.168.243.140) 56(84) bytes of data.

--- 192.168.243.140 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

And tons of debug info. Well, it's more than I had, but less than useful.

>
> Sorry that I can't be of much help with this. :(

No worries.

It seems like this really *should* be possible, though. I'll try to post my findings if I get it working.

DEBUG: pfkey UPDATE succeeded: ESP/Tunnel pub.vpn.ip.add[0]->192.168.1.100[0] spi=53896550(0x3366566)
May 19 16:00:21 lappy racoon: INFO: IPsec-SA established: ESP/Tunnel 198.145.243.130[0]->192.168.1.100[0] spi=53896550(0x3366566)
May 19 16:00:21 lappy racoon: phase2(quick): 0.337284
May 19 16:00:21 lappy racoon: DEBUG: ===
May 19 16:00:21 lappy racoon: DEBUG: pk_recv: retry[0] recv()
May 19 16:00:21 lappy racoon: DEBUG: get pfkey ADD message

May 19 16:00:21 lappy racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.100[4500]->pub.vpn.ip.add[4500] spi=1021286747(0x3cdf995b)

Not much showing for the failure to communicate, though. :(

Cheers,

--
|\ /| | | ~ ~
| \/ | |---| `|` ?
| |ichael | |iggins \^ /
michael.higgins[at]evolone[dot]org