From owner-freebsd-net@FreeBSD.ORG Thu May 8 08:04:21 2003
From: Fish
To: freebsd-net@freebsd.org
Message-Id: <1052406094.760.26.camel@current>
Date: 08 May 2003 11:01:35 -0400
Subject: CheckPoint vpn connectivity with FreeBSD as a Client

I'm not subscribed, so please CC me on any responses. Failing that, I'll just check the archives periodically.

We have a CheckPoint VPN-1 box at the office, and can use SecuRemote for W2K to VPN in. I would like to set up my FreeBSD -Current laptop to connect when I do not have access to make changes at the firewall level. That means I can't set up a shared secret and do it nice and easy that way.

I've read some documentation, including what I thought to be most relevant at the following addresses, and these are the questions I still have for anyone who knows.

http://www.deathstar.ch/security/fw1/Encryption/FAQ0271.htm
http://www.daemonnews.org/200101/ipsec-howto.html
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/checkpoint/index.html

1. Without any access to the firewall/VPN server, is it possible to set up my laptop with racoon to authenticate to the server? Also please note that the SecuRemote client setup prompts you for a username and password which I can't seem to find any info on how to provide on the client-side.

2. One of the first things you have to do on the FreeBSD client side is to set up the policy for what traffic should and should not be encrypted, but one of the first things that happens with the SecuRemote client is that it sends you the policy for which hosts are to have encrypted communications et cetera. How can this be dealt with?

3. Is this even possible?

In retrospect, question three probably should have been first.

Any information is greatly appreciated.

Thanks,
Fish