[nSLUG] Checkpoint VPN Connection
budman85 at eastlink.ca
Wed Sep 5 12:55:28 ADT 2007
> Has anyone on the list heard of or implemented a successful connection
> from a Linux box (Suse 10 in my case) using Openswan to a Checkpoint
> VPN? Traditionally, we connect using the provided Checkpoint
> (Windows) client, but I've been searching around and have found a few
> articles that indicate the Linux connection may work. I'm not
> terribly familiar with Openswan, so I'm still at the poking around
> stage, trying to figure out what is going wrong with the connection.
> As far as I can tell, there isn't anything on the VPN side that will
> prevent a Linux connection, since it's simply looking for a
> certificate (which I have). I used openssl to convert the PKCS12 (?)
> cert into pem files that ipsec could read and appear to have the
> connection details correct in ipsec.conf (ip of vpn, vpn subnet, my
> local ip, subnet and Eastlink IP from my router). So far it just
> tries to connect and doesn't succeed; tonight I'll try to figure out
> how to get more debug info but I thought I'd ask if anyone had done it
> or knew for sure that it won't work. Thanks.
I was about to use openswan when they decided to block it. I had to
use a virtual win98 client and then use their supplied vpn software from
That worked for 2 years and was very solid. I was surprised, it's the
longest I've ever seen Win98 running without blue (200+ hours one time).
Anyway, if you're using a Linux router/firewall, you need IPSec enabled
(which needs 2.6.9 or higher) and a few ports need to be opened (I think
59 and 1755). I could find my kernel config (it's somewhere around
here) to get the exact modules you need compiled into the kernel.