From: Dru (dlavigne6_at_cogeco.ca)
Date: Sat Jul 27 2002 - 07:39:46 CDT


    On Fri, 26 Jul 2002, Matthew Grooms wrote:

    > Hello,
    >
    > I have a freebsd related ipsec question. I have set up a checkpoint
    > vpn1/fw1 NG ( feature pack 2 ) gateway for vpn connectivity to the
    > hospital I work for. Most of the guys on my team run linux/bsd at their
    > house so I have set up encrypt rules in vpn1 to allow us connect to the
    > checkpoint box and tunnel into our network from home. In any case, one
    > of my coworkers has had pretty good success with the freeswan ( can
    > connect and route traffic ) but I am getting some weird behavior using
    > racoon/kame ipsec. I was hoping someone could help me out with this. I
    > have attached most configuration info in this email and am more than
    > willing to try just about anything to get this up and running. I could
    > even go so far as to set up a temporary profile in a sandbox if someone
    > who knows what they are doing would like to take a stab at it.
    >
    > I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
    > VPN1 side is set up to reflect my freebsd configuration. I am using
    > preshared keys for authentication 3des/md5 & pfs. ( although I have
    > tried a myriad of permutations ) The freebsd side is version 4.4 with
    > the following kernel options.

    <snip configs>

    Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will
    show the proposal exchange so you can see which parts aren't matching up.
    If that doesn't do it, send that output along with your racoon.conf file.

    Dru
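
The comparison Dru describes, as an added example that is not part of the original message: it decodes the Phase 1 transform attributes from the first IKEv1 packet seen on port 500 and reports which ones differ from the gateway's policy. The sample packet is constructed, the `GATEWAY` policy is an assumption based on the 3des/md5 preshared-key setup in the quoted mail, and the function names are hypothetical; the input is the UDP payload only, with IP and UDP headers already stripped.

```python
import struct

# Phase 1 attribute classes and values from RFC 2409, Appendix A (subset).
ATTRS = {1: ("encryption", {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}),
         2: ("hash", {1: "MD5", 2: "SHA"}),
         3: ("auth", {1: "pre-shared key", 3: "RSA signatures"}),
         4: ("group", {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536"})}

def parse_phase1_transforms(udp_payload):
    """Return one dict of named attributes per transform in the first proposal."""
    next_payload, version = struct.unpack_from("!BB", udp_payload, 16)
    if version != 0x10 or next_payload != 1:
        raise ValueError("not an IKEv1 message starting with an SA payload")
    off = 28 + 12                      # ISAKMP header, then SA header + DOI + situation
    spi_size, n_transforms = struct.unpack_from("!BB", udp_payload, off + 6)
    off += 8 + spi_size                # skip the proposal header and its SPI
    transforms = []
    for _ in range(n_transforms):
        t_len, = struct.unpack_from("!H", udp_payload, off + 2)
        pos, end, attrs = off + 8, off + t_len, {}
        while pos + 4 <= end:
            a_type, a_val = struct.unpack_from("!HH", udp_payload, pos)
            pos += 4
            if not a_type & 0x8000:    # TLV form: a_val is a length, skip the value
                pos += a_val
                continue
            name, values = ATTRS.get(a_type & 0x7FFF, (None, {}))
            if name:
                attrs[name] = values.get(a_val, "unknown(%d)" % a_val)
        transforms.append(attrs)
        off = end
    return transforms

def mismatches(offered, expected):
    """Map each differing attribute to its (offered, expected) pair."""
    return {k: (offered.get(k), v) for k, v in expected.items() if offered.get(k) != v}

# Constructed sample: main-mode first packet offering 3DES / SHA / PSK / group 2.
SAMPLE = bytes.fromhex(
    "1122334455667788" "0000000000000000" "01100200" "00000000" "00000048"
    "0000002c" "00000001" "00000001"      # SA payload header, DOI, situation
    "00000020" "01010001"                 # proposal 1, PROTO_ISAKMP, one transform
    "00000018" "01010000" "80010005" "80020002" "80030001" "80040002")

# Assumed gateway policy (3des/md5, preshared key), not taken from a real config.
GATEWAY = {"encryption": "3DES-CBC", "hash": "MD5",
           "auth": "pre-shared key", "group": "MODP-1024"}

if __name__ == "__main__":
    for offered in parse_phase1_transforms(SAMPLE):
        print(offered, "->", mismatches(offered, GATEWAY) or "matches gateway policy")
```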
