> Good question... I've looked in the past, but never found enough time to try &
> figure that one out... There is almost no information around on doing it
> though (At least that I've ever managed to find).
>
> I have a user here who does use Gentoo & kvpn to a cisco concentrator. So it
> SHOULD work almost the same.
>
> On the checkpoint firewall, are you using standard IPSec tunnels
> (Firewall-Firewall type) or trying to use checkpoints remote client configs?
> (Which normally use a checkpoint client on a windows PC).
|
I'm trying to do 'remote client configs'. As I understand it, there isn't
a lot of difference between static and dynamic vpns from the devices'
point of view, both types use ipsec, possibly tunnelled inside udp to
sneak past nat devices. When I used to configure Cisco Pix's for this a
few years ago it didn't distinguish between static and dynamic endpoint
vpns, they were part of the same crypto map set bound to an interface.
|
The difficulty is getting xauth in there - straight pre shared keys or
cert exchange seem like they will work ok (not tested!). The nice firewall
admins at my new office have offered to do a static vpn to my home ip
range with pre shared keys, but I'd like to see if I can get the dynamic
variant working, since we have a few Linux users with laptops who would
find it useful to roam.
|
I'll report back if I find anything useful.

P.

--
gentoo-user@l.g.o mailing list