[nSLUG] Checkpoint VPN Connection

Rich budman85 at eastlink.ca
Wed Sep 5 12:55:28 ADT 2007

> Has anyone on the list heard of or implemented a successful connection 
> from a Linux box (Suse 10 in my case) using Openswan to a Checkpoint 
> VPN?  Traditionally, we connect using the provided Checkpoint 
> (Windows) client, but I've been searching around and have found a few 
> articles that indicate the Linux connection may work.  I'm not 
> terribly familiar with Openswan, so I'm still at the poking around 
> stage, trying to figure out what is going wrong with the connection.  
> As far as I can tell, there isn't anything on the VPN side that will 
> prevent a Linux connection, since it's simply looking for a 
> certificate (which I have).  I used openssl to convert the PKCS12 (?) 
> cert into pem files that ipsec could read and appear to have the 
> connection details correct in ipsec.conf (ip of vpn, vpn subnet, my 
> local ip, subnet and Eastlink IP from my router).  So far it just 
> tries to connect and doesn't succeed; tonight I'll try to figure out 
> how to get more debug info but I thought I'd ask if anyone had done it 
> or knew for sure that it won't work.  Thanks.


I was about to use openswan when they decided to block it.   I had to 
use a virtual win98 client and then use their supplied vpn software from 
That worked for 2 years and was very solid. I was surprised, its the 
longest I ever seen Win98 running without blue (200+ hours one time). 

Anyway, if your using Linux router/firewall, you need IPSec enabled 
(which needs 2.6.9 or higher) and a few ports need to be opened (I think 
59 and 1755).   I could find my kernel config (its somewhere around 
here) to get the exact modules you need compiled into the kernel.


More information about the nSLUG mailing list