Re: VPN OBSD <-> FW1

From: Steven S. (ssurdockengineered-net.com)
Date: Mon Nov 01 2004 - 19:45:51 CST


Do you mean Check Point FW-1? What version and on what platform?
I configured a VPN between OBSD 3.5 and FW-1/NG/R55 on SPLAT with no code
changes on either side.

How is the VPN configured on the FW1 side? If you have access to the FW1
box (and it's Check Point FW-1;-) take a look at the 'vpn tunnelutil'
command.

-Steve S.

Rafael Coninck Teigão wrote:
> Hi, pp.
> I'm trying to create a VPN between an OBSD 3.5 and a FW1 server, but
> I'm getting this error message:
> Nov 1 20:49:40 marte isakmpd[1035]: transport_send_messages: giving
> up on message 0x3c12c600, exchange Andritz
..stuff deleted
>
> Does anyone know what's wrong here? Any help would be appreciated...
>
> Oh, and by the way, before I got here, I was seeing this error
> message: message_recv: cleartext phase 2 message
> But I've read somewhere that this was indeed a problem with FW1 and
> that the following block of code should be commented in the source
> (messages.c):
> /* Require encryption as soon as we have the keystate for it. */
> /*
> if ((flags & ISAKMP_FLAGS_ENC) == 0 &&
>     (msg->exchange->phase == 2 || msg->exchange->keystate))
>   {
>     log_print ("message_recv: cleartext phase %d message",
>                msg->exchange->phase);
>     message_drop (msg, ISAKMP_NOTIFY_INVALID_FLAGS, 0, 1, 1);
>     return -1;
>   }
> */
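
The check in the quoted block, as an added stand-alone example (not code from this thread or from isakmpd): it reads the flags byte and message ID from a raw ISAKMP header and applies the same condition, so a cleartext message is dropped once keys exist or the exchange is phase 2. Assumptions: `check_isakmp_header`, `make_header` and the verdict names are hypothetical, the sample headers are constructed, and a nonzero message ID stands in for "phase 2".

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Fixed ISAKMP header layout (RFC 2408, section 3.1), 28 bytes total. */
#define ISAKMP_HDR_LEN   28
#define ISAKMP_FLAGS_OFF 19   /* after 2 x 8-byte cookies, next payload, version, exchange type */
#define ISAKMP_MSGID_OFF 20   /* 4-byte message ID, network byte order */
#define ISAKMP_FLAGS_ENC 0x01 /* encryption bit */

enum verdict { ACCEPT, DROP_CLEARTEXT, DROP_SHORT };

/* have_keystate: nonzero once phase 1 keys exist (assumed caller-supplied).
 * Simplification: a nonzero message ID is treated as phase 2. */
enum verdict check_isakmp_header(const uint8_t *pkt, size_t len, int have_keystate)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN)
        return DROP_SHORT;
    uint32_t msgid = 0;
    for (int i = 0; i < 4; i++)
        msgid = (msgid << 8) | pkt[ISAKMP_MSGID_OFF + i];
    int phase = msgid != 0 ? 2 : 1;
    /* Same condition as the quoted block: require encryption as soon as keys exist. */
    if ((pkt[ISAKMP_FLAGS_OFF] & ISAKMP_FLAGS_ENC) == 0 && (phase == 2 || have_keystate))
        return DROP_CLEARTEXT;
    return ACCEPT;
}

/* Builds a constructed header for the demo; cookies and payload fields stay zero. */
void make_header(uint8_t *buf, uint8_t flags, uint32_t msgid)
{
    for (int i = 0; i < ISAKMP_HDR_LEN; i++)
        buf[i] = 0;
    buf[ISAKMP_FLAGS_OFF] = flags;
    for (int i = 0; i < 4; i++)
        buf[ISAKMP_MSGID_OFF + i] = (uint8_t)(msgid >> (24 - 8 * i));
    buf[27] = ISAKMP_HDR_LEN; /* length field, low byte */
}

int main(void)
{
    uint8_t h[ISAKMP_HDR_LEN];
    make_header(h, 0x00, 0x11223344);              /* cleartext, phase 2 */
    printf("cleartext phase 2: %d\n", check_isakmp_header(h, sizeof h, 1));
    make_header(h, ISAKMP_FLAGS_ENC, 0x11223344);  /* encrypted, phase 2 */
    printf("encrypted phase 2: %d\n", check_isakmp_header(h, sizeof h, 1));
    make_header(h, 0x00, 0);                       /* cleartext phase 1, no keys yet */
    printf("cleartext phase 1: %d\n", check_isakmp_header(h, sizeof h, 0));
    return 0;
}
```

With the block commented out as described, the `DROP_CLEARTEXT` case is accepted instead of dropped.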