[Sussex] VPN and Checkpoint-NG
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
Mon Jul 3 10:26:52 UTC 2006
Quoting Jon Fautley <jfautley at redhat.com>:
> Matthew Macdonald-Wallace wrote:
>> Hi all,
>>
>> I've started work at my new employer and for some of the out-of-hours
>> support, I need access to their AS/400 via a VPN.
>>
>> Does anyone have any experience of connecting a Linux Client to a
>> Checkpoint VPN? If so, how did you do it? So many sites refer to a now
>> defunct rpm-based client release by checkpoint for 2.4 kernels which is
>> no longer available, nor is the documentation.
>>
>> I'm running a 2.6 kernel on Gentoo at the moment, so any hints/tips
>> would be most useful!
>
> Hey Matt :)
:D
> What VPN protocols does the CheckPoint box use? While most of these
> proprietary systems have their own variation of something standard, they
> can often be convinced to use a different protocol - i.e. Cisco hardware
> will do 'Cisco IPSec' (which is just a little different from normal
> IPSec), and also PPTP (eww). Maybe you can get PPTP working? That's a
> breeze to setup in Linux...
AFAIK, it's running IPSec/IKE. I'm just rebuilding my Gentoo box [1]
and once that's done, I'll try openSwan and see what happens there.
I'll see if I can persuade them to change things here too, but I
doubt it will happen! :D
Matt
--
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
"Sed quis custodiet ipsos custodes?"
[1] I moved to Thanet. I switched to Tiscali. The modem Tiscali sent
me is evil (Sagem eagle-based USB B****cks!!!). I have had to install
a laptop with FC4 (the only distro I had with kernel sources!) Compile
the Sagem Driver against those sources, use the laptop as a gateway,
install gentoo via the internet (live CD doesn't contain Kernel
Sources!!!), compile the eagle_usb modules against the gentoo kernel,
switch the modem over to the gateway and then reinstall gentoo on the
laptop. And all because Tiscali won't give me a modem that has a
useful port (have they even heard of RJ-45???!!!). Ah well, at least
it's working.
M