Hi, as far as I know, the CheckPoint VPN gateway does not support the IKEv2 protocol. Therefore you can't use the strongSwan NetworkManager plugin to set up a connection.
The CheckPoint VPN gateway most probably will use IKEv1 and XAUTH. The first thing to find out is whether IKEv1 Main Mode is used by the CheckPoint box since strongSwan does not support the potentially insecure IKEv1 Aggressive Mode. If Main Mode is possible then you can configure strongSwan's IKEv1 pluto daemon via /etc/ipsec.conf. Best regards Andreas Sucha Singh wrote: > Hi, > > I'm looking to use strongSwan to connect to my company CheckPoint > VPN, as I am new to Linux and networking I am really struggling to > get anything working. I have a Actividentity token that generates a > password that authenticates against a RADIUS server, below is a list > of facts I know from my CheckPoint config from Windows: > > I have an IP address for company site Authentication - Challenge > Response NAT-T protocol - enabled Office Mode - enabled Use NAT > traversal tunneling - enabled IKE over TCP - enabled Force UDP > encapsulation - enabled > > I have attempted to use the Network Manager GUI to connect but it > fails with "VPN service failed to start", the syslog file contains a > host of errors. The settings I attempted were: > > Gateway: Address - IP address of my company site Certificate - None > > Client: Authentication - EAP Username - My id I use for my token to > generate password > > Options - Request an inner IP address - unchecked Enforce UDP > encapsulation - checked Use IP compression - unchecked > > My questions would be: > > 1) Does strongSwan support the protocols/authentication methods I > describe for CheckPoint VPN 2) If yes, then does my setup through > Network Manager look correct 3) If yes, then is it a case of posting > the sys.log errors for someone to kindly look at > > I appreciate anyone's help and time with this. > > Regards, > > Jana ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
