VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 00:33:53 by RandyG271

All,

According to these release notes...

http://www.checkpoint.com/techsupport/downloads/html/securemote/sr-5-0/SecureClient_NG_build_53328.pdf

of July 7, 2003 CheckPoint's VPN client software only works with Red
Hat 7.2 and 7.3. The release notes specifically state Red Hat 8.0 and
later is not supported. Please reply to this post if you can either
confirm or deny this limitation is true. Is it true CheckPoint has
stopped upgrading their Linux VPN client? Is there an open source
alternative?

Regards,
-Randy Galbraith

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 16:23:20 by Robby Cauwerts

On Jun 1, 12:33 am, RandyG271 wrote:
> of July 7, 2003 CheckPoint's VPN client software only works with Red
> Hat 7.2 and 7.3. The release notes specifically state Red Hat 8.0 and
> later is not supported. Please reply to this post if you can either
> confirm or deny this limitation is true.

This is true.
You won't be able to find a vpn client from Check Point that runs on a
recent kernel.
That's a pity indeed.

I've not tried an opensource IPSEC client against a Check Point
firewall but if it should work you'll probably run into problems when
you're behind a NAT device.

Br.
Robby

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 16:38:38 by Burkhard Ott

On Fri, 01 Jun 2007 14:23:20 +0000, Robby Cauwerts wrote:

> On Jun 1, 12:33 am, RandyG271 wrote:
>> of July 7, 2003 CheckPoint's VPN client software only works with Red
>> Hat 7.2 and 7.3. The release notes specifically state Red Hat 8.0 and
>> later is not supported. Please reply to this post if you can either
>> confirm or deny this limitation is true.
> I've not tried an opensource IPSEC client against a Check Point
> firewall but if it should work you'll probably run into problems when
> you're behind a NAT device.
>
> Br.
> Robby
Hi,

vpnc works well and openswan too, even with NAT traversal.

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 18:28:11 by RandyG271

Robby, Burkhard,

> Hi,
>
> vpnc works well and openswan too, even with NAT traversal.

Thanks for the reply. With Dell[1] now shipping Ubuntu Linux based
systems, perhaps CheckPoint will be motivated to update their client.
In any regards, I will give vpnc[2] and openswan[3] a try (as soon as our
network guys set up my access ;) ) and report back my results here. I
will be doing NAT with a Netgear RangeMax router via a cox.net
connection -- so wish me success :).

Regards,
-Randy Galbraith
[1] http://www.dell.com/open
[2] http://www.vpnc.org/
[3] http://www.openswan.org/

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 19:31:08 by Robby Cauwerts

On 1 jun, 18:28, RandyG271 wrote:
> Robby, Burkhard,
>
> > Hi,
>
> > vpnc works well and openswan too, even with NAT traversal.
>
> Thanks for the reply. With Dell[1] now shipping Ubuntu Linux based
> systems, perhaps CheckPoint will be motivated to update their client.
> In any regards, I will give vpnc[2] and openswan[3] a try (as soon as our
> network guys set up my access ;) ) and report back my results here. I
> will be doing NAT with a Netgear RangeMax router via a cox.net
> connection -- so wish me success :).
>

That's good news indeed.
Just verify that you're not using a subnet at home that is also used
in the encryption domain of your firewall.
Even if vpnc/openswan supports NAT-T against CP I can't find any info
that they also support office mode.

Br.
Robby
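
Added example, not part of any post in this thread: one way to run the check Robby describes before bringing a tunnel up. The function name and all addresses are assumptions constructed for illustration; substitute your own LAN prefix and the encryption domain your firewall administrator gives you.

```python
import ipaddress


def find_overlaps(local_nets, encryption_domain):
    """Return (local, remote, relation) for every local network that
    overlaps a network in the gateway's encryption domain."""
    conflicts = []
    for local in local_nets:
        # strict=False accepts an interface address such as 192.168.1.10/24
        lnet = ipaddress.ip_network(local, strict=False)
        for remote in encryption_domain:
            rnet = ipaddress.ip_network(remote, strict=False)
            if lnet.version != rnet.version or not lnet.overlaps(rnet):
                continue
            if lnet == rnet:
                relation = "identical"
            elif lnet.subnet_of(rnet):
                # Destinations on the home LAN also match the tunnel's
                # selectors, so local and tunnelled traffic become ambiguous.
                relation = "local inside remote"
            else:
                relation = "remote inside local"
            conflicts.append((str(lnet), str(rnet), relation))
    return conflicts


# Constructed sample values (assumptions, not taken from the thread).
HOME_LAN = ["192.168.1.10/24"]
ENCRYPTION_DOMAIN = ["10.0.0.0/8", "192.168.0.0/16", "2001:db8::/32"]

if __name__ == "__main__":
    for local, remote, relation in find_overlaps(HOME_LAN, ENCRYPTION_DOMAIN):
        print(f"conflict: {local} vs {remote} ({relation})")
```

An empty result means the home LAN can stay as it is; any conflict is a reason to renumber the home side before testing the VPN.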

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 20:35:57 by Burkhard Ott

On Fri, 01 Jun 2007 10:31:08 -0700, Robby Cauwerts wrote:

> Even if vpnc/openswan supports NAT-T against CP I can't find any info
> that they also support office mode.
What do you mean by office mode?
I suggest all your traffic goes via VPN?
Obviously I got every VPN with Linux and with OpenBSD too for now, and I
bet this one too.

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 01.06.2007 20:37:01 by Burkhard Ott

On Fri, 01 Jun 2007 16:28:11 +0000, RandyG271 wrote:

> Thanks for the reply. With Dell[1] now shipping Ubuntu Linux based
> systems, perhaps CheckPoint will be motivated to update their client.
> In any regards, I will give vpnc[2] and openswan[3] a try (as soon as our
> network guys set up my access ;) ) and report back my results here. I
> will be doing NAT with a Netgear RangeMax router via a cox.net
> connection -- so wish me success :).

You bet we get that working.

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 10.06.2007 07:25:28 by Frater Mus

On 2007-06-01, wrote:

> vpnc works well and openswan too, even with NAT traversal.

I have been using vpnc to good effect.


--
Help grow community wireless internet:
http://www.dfwfreenet.org/

http://www.mousetrap.net/~mouse/ <-- geeky homepage

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 27.06.2007 14:51:44 by thomas.tendl

On 10 Jun., 07:25, Frater Mus wrote:
> On 2007-06-01, wrote:
> > vpnc works well and openswan too, even with NAT traversal.
>
> I have been using vpnc to good effect.

maybe you could give a little advice then? as far as i've used vpn
access to checkpoint (using Checkpoint's client on windows) i was
using a certificate to connect with.
the vpnc config example only shows up a shared secret option and i
don't have a clue how to enter this kind of access to Checkpoint VPN-1
(there is no option to set shared secret on Checkpoint using the
"Remote Access" object which is needed for (you won't believe it ;-)
client access from remote...but i may be just blind)

BR
Thomas

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 29.06.2007 01:19:55 by jj

You have to enable FW-1 User Name and Password (or whatever it is called) on
the firewall object in the remote access authentication section. Then you
have to go to the user's object and enter their password there.

Ray

wrote in message
news:1182948704.321400.192220@n2g2000hse.googlegroups.com...
> On 10 Jun., 07:25, Frater Mus wrote:
>> On 2007-06-01, wrote:
>> > vpnc works well and openswan too, even with NAT traversal.
>>
>> I have been using vpnc to good effect.
>
> maybe you could give a little advice then? as far as i've used vpn
> access to checkpoint (using Checkpoint's client on windows) i was
> using a certificate to connect with.
> the vpnc config example only shows up a shared secret option and i
> don't have a clue how to enter this kind of access to Checkpoint VPN-1
> (there is no option to set shared secret on Checkpoint using the
> "Remote Access" object which is needed for (you won't believe it ;-)
> client access from remote...but i may be just blind)
>
> BR
> Thomas
>

Re: VPN-1 CheckPoint Linux client -- no longer supported?

on 29.06.2007 07:25:02 by thomas.tendl

On 29 Jun., 01:19, "JJ" wrote:
> You have to enable FW-1 User Name and Password (or whatever it is called) on
> the firewall object in the remote access authentication section. Then you
> have to go to the user's object and enter their password there.
>
> Ray

thx for the answer but entering the logon credentials wasn't my
problem, i've got it almost immediately. i didn't find the settings
for entering a shared secret (searched for it everywhere except the
ike settings of the user itself where it has to be of course *sigh*).

at the moment i'm getting "isakmp_n_invalid_cookie(4)" from vpnc and
"unsupported exchange type" from checkpoint (got the very same message
before entering the shared secret on checkpoint so this has to be
another problem).
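
Added example, not part of the thread: the two error strings in the last post have the same names as ISAKMP notify codes in RFC 2408 (INVALID-COOKIE is 4, UNSUPPORTED-EXCHANGE-TYPE is 29), so a packet capture on UDP/500 shows which exchange type the client offered and what the gateway answered. This sketch decodes the fixed ISAKMP header and a leading cleartext Notification payload; the function name and both sample packets are constructed for illustration, and the code tables are a subset of the RFC 2408/2409 values.

```python
import struct

# Codes from RFC 2408 (ISAKMP) and RFC 2409 (IKE), not from the thread.
EXCHANGE_TYPES = {1: "Base", 2: "Identity Protection (Main Mode)",
                  3: "Authentication Only", 4: "Aggressive",
                  5: "Informational", 32: "Quick Mode", 33: "New Group Mode"}
NOTIFY_TYPES = {4: "INVALID-COOKIE", 7: "INVALID-EXCHANGE-TYPE",
                14: "NO-PROPOSAL-CHOSEN", 24: "AUTHENTICATION-FAILED",
                29: "UNSUPPORTED-EXCHANGE-TYPE"}
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, msg id, length
NOTIFY = struct.Struct("!BBHIBBH")  # generic payload header, DOI, protocol id, SPI size, notify type
NP_NOTIFICATION = 11
FLAG_ENCRYPTED = 0x01


def parse_isakmp(datagram: bytes) -> dict:
    """Decode the ISAKMP header of one IKEv1 datagram captured on UDP/500."""
    if len(datagram) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, _msg_id, length = \
        HDR.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError(f"length field {length} != captured {len(datagram)} bytes")
    info = {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(xchg, f"unknown ({xchg})"),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "notify": None,
    }
    # An error reply may carry a cleartext Notification as its first payload.
    if next_payload == NP_NOTIFICATION and not info["encrypted"]:
        if len(datagram) < HDR.size + NOTIFY.size:
            raise ValueError("truncated Notification payload")
        ntype = NOTIFY.unpack_from(datagram, HDR.size)[-1]
        info["notify"] = NOTIFY_TYPES.get(ntype, f"type {ntype}")
    return info


# Constructed samples (not captured from any real gateway).
# Client's first packet, header only: exchange type 4, responder cookie still zero.
SAMPLE_INIT = bytes.fromhex("1122334455667788" "0000000000000000" "00100400" "00000000" "0000001c")
# Informational reply whose Notification payload carries notify type 29.
SAMPLE_REPLY = bytes.fromhex("1122334455667788" "a1a2a3a4a5a6a7a8" "0b100500" "00000000" "00000028"
                             "0000000c" "00000001" "0100" "001d")

if __name__ == "__main__":
    for pkt in (SAMPLE_INIT, SAMPLE_REPLY):
        print(parse_isakmp(pkt))
```

Traffic on UDP/4500 (NAT-T) has a 4-byte non-ESP marker in front of the ISAKMP header, which has to be stripped before calling `parse_isakmp`.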