Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...

From: Dru (dlavigne6@cogeco.ca)
Date: 07/27/02


Date: Sat, 27 Jul 2002 08:39:46 -0400 (EDT)
From: Dru <dlavigne6@cogeco.ca>
To: Matthew Grooms <mgrooms@seton.org>


On Fri, 26 Jul 2002, Matthew Grooms wrote:

> Hello,
>
> I have a freebsd related ipsec question. I have set up a checkpoint
> vpn1/fw1 NG ( feature pack 2 ) gateway for vpn connectivity to the
> hospital I work for. Most of the guys on my team run linux/bsd at their
> house so I have set up encrypt rules in vpn1 to allow us to connect to the
> checkpoint box and tunnel into our network from home. In any case, one
> of my coworkers has had pretty good success with the freeswan ( can
> connect and route traffic ) but I am getting some weird behavior using
> racoon/kame ipsec. I was hoping someone could help me out with this. I
> have attached most configuration info in this email and am more than
> willing to try just about anything to get this up and running. I could
> even go so far as to set up a temporary profile in a sandbox if someone
> who knows what they are doing would like to take a stab at it.
>
> I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
> VPN1 side is set up to reflect my freebsd configuration. I am using
> preshared keys for authentication 3des/md5 & pfs. ( although I have
> tried a myriad of permutations ) The freebsd side is version 4.4 with
> the following kernel options.

<snip configs>

Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will
show the proposal exchange so you can see which parts aren't matching up.
If that doesn't do it, send that output along with your racoon.conf file.

Dru
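
An added example, not part of the original post: once the first Phase 1 packet has been captured (for instance with the tcpdump filter suggested above), a short Python decoder can list the ISAKMP transforms the peer offers and show which fields differ from the local settings. The sample packet, the `LOCAL` dictionary and all function and label names are constructed for illustration; the attribute numbers follow RFC 2409, Appendix A.

```python
import struct

# IKEv1 Phase 1 attribute numbers (RFC 2409, Appendix A); the labels are this example's own
ATTR = {1: ("enc", {1: "des", 5: "3des", 7: "aes"}), 2: ("hash", {1: "md5", 2: "sha1"}),
        3: ("auth", {1: "pre_shared_key", 3: "rsasig"}),
        4: ("dh_group", {1: "modp768", 2: "modp1024", 5: "modp1536"})}

def walk(buf, hdr):
    """Yield (next_payload, payload_bytes) for each length-prefixed payload in buf."""
    off = 0
    while off + hdr <= len(buf):
        nxt, plen = struct.unpack_from("!BxH", buf, off)
        if plen < hdr or off + plen > len(buf):
            raise ValueError("malformed payload length")
        yield nxt, buf[off:off + plen]
        off += plen

def parse_attrs(buf):
    """Decode one transform's SA attributes into {label: value}."""
    out, i = {}, 0
    while i + 4 <= len(buf):
        typ, val = struct.unpack_from("!HH", buf, i)
        i += 4 if typ & 0x8000 else 4 + val   # TV form is 4 bytes; TLV (e.g. lifetime) adds val
        if typ & 0x8000 and (typ & 0x7FFF) in ATTR:
            name, values = ATTR[typ & 0x7FFF]
            out[name] = values.get(val, "unknown(%d)" % val)
    return out

def phase1_offers(msg):
    """Return the transforms offered in the SA payload of a raw ISAKMP message."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    kind = msg[16]                            # type of the first payload
    for nxt, pl in walk(msg[28:], 4):
        if kind == 1:                         # SA payload: skip header, DOI, situation
            return [parse_attrs(tr[8:]) for _, prop in walk(pl[12:], 8)
                    for _, tr in walk(prop[8 + prop[6]:], 8)]
        kind = nxt
    return []

def mismatches(local, offer):
    """Map each differing field to (local value, offered value)."""
    return {k: (v, offer.get(k)) for k, v in local.items() if offer.get(k) != v}

# Constructed sample: main mode message 1 offering 3des / sha1 / pre-shared key / group 2
SAMPLE = bytes.fromhex("11223344556677880000000000000000011002000000000000000054"
                       "0000003800000001000000010000002c010100010000002401010000"
                       "80010005800200028003000180040002800b0001000c000400007080")
LOCAL = {"enc": "3des", "hash": "md5", "auth": "pre_shared_key", "dh_group": "modp1024"}
print([mismatches(LOCAL, offer) for offer in phase1_offers(SAMPLE)])
```

An empty dictionary for a transform means every compared field matches the local settings; anything else names the field to fix on one side or the other.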
