From: Dru (dlavigne6_at_cogeco.ca)
Date: Sat Jul 27 2002 - 07:39:46 CDT


    On Fri, 26 Jul 2002, Matthew Grooms wrote:

    > Hello,
    > I have a freebsd related ipsec question. I have set up a checkpoint
    > vpn1/fw1 NG (feature pack 2) gateway for vpn connectivity to the
    > hospital I work for. Most of the guys on my team run linux/bsd at their
    > house so I have set up encrypt rules in vpn1 to allow us to connect to the
    > checkpoint box and tunnel into our network from home. In any case, one
    > of my coworkers has had pretty good success with the freeswan ( can
    > connect and route traffic ) but I am getting some weird behavior using
    > racoon/kame ipsec. I was hoping someone could help me out with this. I
    > have attached most configuration info in this email and am more than
    > willing to try just about anything to get this up and running. I could
    > even go so far as to set up a temporary profile in a sandbox if someone
    > who knows what they are doing would like to take a stab at it.
    > I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
    > VPN1 side is set up to reflect my freebsd configuration. I am using
    > preshared keys for authentication 3des/md5 & pfs. ( although I have
    > tried a myriad of permutations ) The freebsd side is version 4.4 with
    > the following kernel options.

    <snip configs>

    Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will
    show the proposal exchange so you can see which parts aren't matching up.
    If that doesn't do it, send that output along with your racoon.conf file.
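
An added example, not part of the original message or of racoon/Check Point code: once a capture of port 500 has been taken, the Phase 1 transform attributes from each side can be decoded and compared as below. It assumes the attribute bytes of one ISAKMP transform payload have already been extracted from the capture; the sample bytes are constructed, and the attribute numbers are those of RFC 2409, Appendix A.

```python
import struct

# IKEv1 Phase 1 attribute classes and values (RFC 2409, Appendix A).
CLASSES = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group",
           11: "life_type", 12: "life_duration", 14: "key_length"}
VALUES = {
    "encryption": {1: "DES-CBC", 5: "3DES-CBC"},
    "hash": {1: "MD5", 2: "SHA"},
    "auth": {1: "pre-shared key", 3: "RSA signatures"},
    "dh_group": {1: "MODP-768", 2: "MODP-1024"},
    "life_type": {1: "seconds", 2: "kilobytes"},
}

def parse_attributes(data: bytes) -> dict:
    """Decode the SA attributes carried in one ISAKMP transform payload."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, off)
        off += 4
        name = CLASSES.get(atype & 0x7FFF, f"class_{atype & 0x7FFF}")
        if atype & 0x8000:        # AF=1: short form, value sits in the header
            value = field
        else:                     # AF=0: 'field' is the length of the value
            if off + field > len(data):
                raise ValueError("attribute value runs past the payload")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        attrs[name] = VALUES.get(name, {}).get(value, value)
    return attrs

def mismatches(offered: dict, expected: dict) -> dict:
    """Return {attribute: (offered, expected)} for every attribute that differs."""
    return {k: (offered.get(k), expected.get(k))
            for k in sorted(set(offered) | set(expected))
            if offered.get(k) != expected.get(k)}

# Constructed samples. Initiator: 3DES, MD5, PSK, group 2, 28800 s (long form).
INITIATOR = bytes.fromhex("80010005" "80020001" "80030001" "80040002"
                          "800b0001" "000c0004" "00007080")
# Responder: same, but SHA and the lifetime encoded in short form.
RESPONDER = bytes.fromhex("80010005" "80020002" "80030001" "80040002"
                          "800b0001" "800c7080")

if __name__ == "__main__":
    print(mismatches(parse_attributes(INITIATOR), parse_attributes(RESPONDER)))
```

The two lifetimes compare equal even though one is encoded in long form and the other in short form, so only the hash algorithm is reported as differing.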

