[strongSwan] Full SHA-2 IPsec support with strongSwan 4.3.6 and Linux kernel 2.6.33

2010-02-28 Thread Andreas Steffen
Hi,

the Linux kernel 2.6.33 containing Martin Willi's SHA-2 ESP patch
making the SHA256 HMAC truncation length compliant with RFC 4868
and adding SHA384 and SHA512 HMAC support was released last week
on February 24, 2010.

strongSwan 4.3.6 is now able to correctly configure SHA-2 based
IPsec data integrity in the Linux 2.6.33 kernel via either the IKEv1
or IKEv2 protocols without the need to apply any kernel patches.
Example scenarios are available under the link

  http://www.strongswan.org/uml/testresults43/

Thus we hope to see strongSwan 4.3.6 in all Linux distributions
running under a 2.6.33 kernel :-)

Best regards

Andreas

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!    www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
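
Added example (not part of the original post and not strongSwan or kernel code): a sketch of why the truncation length mentioned in the announcement matters for interoperability. The ICV lengths are those of RFC 4868; the 96-bit value for SHA-256 on kernels before 2.6.33 is background not stated in the post, and the key and packet bytes are constructed sample data.

```python
import hashlib
import hmac

# ICV lengths in bytes from RFC 4868 (HMAC-SHA-256-128, -384-192, -512-256).
RFC4868_ICV_LEN = {"sha256": 16, "sha384": 24, "sha512": 32}
# Assumption (not from the post): SHA-256 truncation on kernels before 2.6.33.
LEGACY_SHA256_ICV_LEN = 12


def protect(key, authenticated, alg, icv_len=None):
    """Append a truncated HMAC (the ICV) to the authenticated ESP bytes."""
    icv_len = RFC4868_ICV_LEN[alg] if icv_len is None else icv_len
    mac = hmac.new(key, authenticated, getattr(hashlib, alg)).digest()
    return authenticated + mac[:icv_len]


def verify(key, packet, alg, icv_len=None):
    """Split off the trailing ICV at the receiver's configured length, then check it."""
    icv_len = RFC4868_ICV_LEN[alg] if icv_len is None else icv_len
    if len(packet) <= icv_len:
        return False
    authenticated, icv = packet[:-icv_len], packet[-icv_len:]
    mac = hmac.new(key, authenticated, getattr(hashlib, alg)).digest()
    # Constant-time comparison of the received and recomputed ICV.
    return hmac.compare_digest(icv, mac[:icv_len])


# Constructed sample data: SPI + sequence number + opaque payload, 32-byte key.
KEY = bytes(range(32))
ESP_BODY = bytes.fromhex("c0ffee01" "00000001") + b"constructed ciphertext bytes"


def interop_matrix():
    """Return {(sender_len, receiver_len): accepted} for SHA-256 ICVs."""
    lengths = (LEGACY_SHA256_ICV_LEN, RFC4868_ICV_LEN["sha256"])
    return {
        (s, r): verify(KEY, protect(KEY, ESP_BODY, "sha256", s), "sha256", r)
        for s in lengths
        for r in lengths
    }


if __name__ == "__main__":
    for (s, r), ok in interop_matrix().items():
        verdict = "accepted" if ok else "dropped"
        print(f"sender ICV {s * 8} bits, receiver ICV {r * 8} bits -> {verdict}")
```

Both peers compute the same HMAC, yet a packet is accepted only when sender and receiver agree on where the ICV starts, which is why both ends of an SA have to use the same truncation length.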


Re: [strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

2010-02-28 Thread Andreas Steffen
Hi,

as far as I know, the CheckPoint VPN gateway does not support the IKEv2
protocol. Therefore you can't use the strongSwan NetworkManager plugin
to set up a connection.

The CheckPoint VPN gateway most probably will use IKEv1 and XAUTH.
The first thing to find out is whether IKEv1 Main Mode is used
by the CheckPoint box since strongSwan does not support the
potentially insecure IKEv1 Aggressive Mode. If Main Mode is
possible then you can configure strongSwan's IKEv1 pluto daemon
via /etc/ipsec.conf.

Best regards

Andreas

Sucha Singh wrote:
> Hi,
> 
> I'm looking to use strongSwan to connect to my company CheckPoint
> VPN, as I am new to Linux and networking I am really struggling to
> get anything working.  I have an Actividentity token that generates a
> password that authenticates against a RADIUS server, below is a list
> of facts I know from my CheckPoint config from Windows:
> 
> I have an IP address for company site
> Authentication - Challenge Response
> NAT-T protocol - enabled
> Office Mode - enabled
> Use NAT traversal tunneling - enabled
> IKE over TCP - enabled
> Force UDP encapsulation - enabled
> 
> I have attempted to use the Network Manager GUI to connect but it
> fails with "VPN service failed to start", the syslog file contains a
> host of errors.  The settings I attempted were:
> 
> Gateway:
> Address - IP address of my company site
> Certificate - None
> 
> Client:
> Authentication - EAP
> Username - My id I use for my token to generate password
> 
> Options -
> Request an inner IP address - unchecked
> Enforce UDP encapsulation - checked
> Use IP compression - unchecked
> 
> My questions would be:
> 
> 1) Does strongSwan support the protocols/authentication methods I
> describe for CheckPoint VPN
> 2) If yes, then does my setup through Network Manager look correct
> 3) If yes, then is it a case of posting the sys.log errors for someone
> to kindly look at
> 
> I appreciate anyone's help and time with this.
> 
> Regards,
> 
> Jana



[strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

2010-02-28 Thread Sucha Singh
Hi,

I'm looking to use strongSwan to connect to my company CheckPoint VPN, as I am 
new to Linux and networking I am really struggling to get anything working.  I
have an Actividentity token that generates a password that authenticates against
a RADIUS server, below is a list of facts I know from my CheckPoint config from 
Windows:

I have an IP address for company site
Authentication - Challenge Response
NAT-T protocol - enabled
Office Mode - enabled
Use NAT traversal tunneling - enabled
IKE over TCP - enabled
Force UDP encapsulation - enabled

I have attempted to use the Network Manager GUI to connect but it fails with 
"VPN service failed to start", the syslog file contains a host of errors.  The 
settings I attempted were:

Gateway:
Address - IP address of my company site
Certificate - None

Client:
Authentication - EAP
Username - My id I use for my token to generate password

Options -
Request an inner IP address - unchecked
Enforce UDP encapsulation - checked
Use IP compression - unchecked

My questions would be:

1) Does strongSwan support the protocols/authentication methods I describe for 
CheckPoint VPN
2) If yes, then does my setup through Network Manager look correct
3) If yes, then is it a case of posting the sys.log errors for someone to 
kindly look at

I appreciate anyone's help and time with this.

Regards,

Jana



  