[nSLUG] Checkpoint VPN Connection

Rich budman85 at eastlink.ca
Wed Sep 5 17:04:37 ADT 2007

Mark Wood wrote:
> I'm not sure if there is anything on my firewall blocking it; it's 
> just a DLink router so my next thought was to verify that it wasn't 
> filtering anything.  When you ran the Windows client, did you just run 
> the client using Wine and then use your regular Linux environment to 
> connect to the VPN'd network (CVS server, mail server, etc.) or did 
> you do everything in an emulated Windows environment using something 
> like VMWare or Qemu?  I think my Kernel should be OK; it's a fairly 
> recent 2.6 and Openswan installed OK.  Any ideas are appreciated as 
> I'm really winging it.

I used Win4Lin at the time, now they sell Win Pro for win2000 and XP.  I 
tried Wine, but I couldn't get the interface working - it was looking 
for network device and kept failing. The win4lin had a virtual network 
card that was very stable, but required patching the kernel.  The WinPro 
version uses modules instead of actually patching the kernel (which got 
harder and harder to do with each newer version).  I was able to 
manually apply patches up to 2.6.15, but some internal changes really 
screwed with the MEI controller, causing it not to port to newer kernels.

Since then, the company I work for switched to a Citrix client which 
works quite well under Linux.  The Java client really sucked and was so 
unstable. ugh.. I don't want to go there.. back to my happy place... :)

As for the kernel, you need at least 2.6.9 or higher.  IPsec was fixed 
in this version; it was available in 2.6.6 but had problems.

Try running a sniffer on your interface to see if you are getting port 
failures.  I forget how I found out; I think I bypassed my router 
and ran tcpdump to watch the packets.  I saw some connections trying to 
hit port 59, so I opened that.  Through some research on the net (using 
Google and groups) I found that port 1755 is the data port.  It works 
much like the FTP protocol.

Try redirecting those two ports to your machine's IP address (you may 
need to set up a static IP, or set no expiry on your leases (that works 
most of the time, until you change NICs)).
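
As an added example (not part of the original message), here is a small Python script that reads tcpdump lines of the kind described above and lists the remote ports the client keeps trying that never answer, which is the information you need before deciding what the router must forward. The capture lines, addresses and the port numbers shown in them are constructed for the example.

```python
"""Summarise outbound connection attempts from tcpdump output and flag
remote ports that never answered (a hint of what the router must forward).
Constructed sample capture: the client reaches the VPN gateway on 59
and 1755, but only 59 answers; the UDP 500 probes also go unanswered."""
import re
from collections import Counter

# tcpdump -n style lines (constructed, not a real capture)
SAMPLE_CAPTURE = """\
17:02:11.100 IP 192.168.0.10.40123 > 203.0.113.5.59: Flags [S], seq 1, win 64240, length 0
17:02:11.110 IP 203.0.113.5.59 > 192.168.0.10.40123: Flags [S.], seq 9, ack 2, win 65535, length 0
17:02:11.200 IP 192.168.0.10.40124 > 203.0.113.5.1755: Flags [S], seq 1, win 64240, length 0
17:02:12.200 IP 192.168.0.10.40124 > 203.0.113.5.1755: Flags [S], seq 1, win 64240, length 0
17:02:14.200 IP 192.168.0.10.40124 > 203.0.113.5.1755: Flags [S], seq 1, win 64240, length 0
17:02:15.300 IP 192.168.0.10.500 > 203.0.113.5.500: isakmp: phase 1 I ident
17:02:16.300 IP 192.168.0.10.500 > 203.0.113.5.500: isakmp: phase 1 I ident
"""

# timestamp IP src.sport > dst.dport: rest
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")


def parse_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port, proto) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    proto = "tcp" if rest.startswith("Flags") else "udp"  # isakmp/UDP lines
    return src, int(sport), dst, int(dport), proto


def unanswered_ports(capture, local_ip):
    """Map (proto, remote_ip, remote_port) -> outbound packet count for
    every remote endpoint that never sent a packet back to local_ip."""
    outbound = Counter()
    answered = set()
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, sport, dst, dport, proto = pkt
        if src == local_ip:
            outbound[(proto, dst, dport)] += 1
        elif dst == local_ip:
            answered.add((proto, src, sport))
    return {k: n for k, n in outbound.items() if k not in answered}


if __name__ == "__main__":
    for (proto, ip, port), n in sorted(unanswered_ports(SAMPLE_CAPTURE, "192.168.0.10").items()):
        print(f"{proto}/{port} to {ip}: {n} packets sent, no reply")
```

On a real box you would feed it `tcpdump -n -i eth0` output instead of the sample string; a remote port that shows repeated unanswered packets is the one to check on the router.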