Gentoo Archives: gentoo-user

From: Paul Sobey <buddha@××××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Linux box -> Checkpoint Firewall
Date: Wed, 30 Apr 2008 10:06:23
Message-Id: 39639.82.150.99.2.1209549979.squirrel@webmail.the-annexe.net
In Reply to: Re: [gentoo-user] Linux box -> Checkpoint Firewall by Hamish

> Good question... I've looked in the past, but never found enough time to
> try & figure that one out... There is almost no information around on doing
> it though (At least that I've ever managed to find).
>
> I have a user here who does use Gentoo & kvpn to a cisco concentrator. So it
> SHOULD work almost the same.
>
> On the checkpoint firewall, are you using standard IPSec tunnels
> (Firewall-Firewall type) or trying to use checkpoint's remote client configs?
> (Which normally use a checkpoint client on a windows PC).

I'm trying to do 'remote client configs'. As I understand it, there isn't
a lot of difference between static and dynamic vpns from the devices'
point of view, both types use ipsec, possibly tunnelled inside udp to
sneak past nat devices. When I used to configure Cisco Pix's for this a
few years ago it didn't distinguish between static and dynamic endpoint
vpns, they were part of the same crypto map set bound to an interface.

The difficulty is getting xauth in there - straight pre shared keys or
cert exchange seem like they will work ok (not tested!). The nice firewall
admins at my new office have offered to do a static vpn to my home ip
range with pre shared keys, but I'd like to see if I can get the dynamic
variant working, since we have a few Linux users with laptops who would
find it useful to roam.

I'll report back if I find anything useful.

P.

--
gentoo-user@l.g.o mailing list