Luca Arzeni wrote:
> Hi there,
> I'm trying to connect a client (debian lenny) with a checkpoint
> firewall NGX R65.
> I can connect with a SecuRemote client from a Windows XP client to a
> network behind the firewall.
> The same connection fails under linux, using Shrew.
>
> I followed the instructions on the Shrew site, with one difference:
> I'm using a mutual RSA authentication (I have no password... anyway
> the administrator of the firewall says that he cannot set any password
> on the firewall, so this should be correct).
> I use the DN of the certificates as id of the client and of the firewall.
>
> The connection fails after phase1, complaining that peer received a
> MALFORMED-PAYLOAD.
>
> I must say that I have no firewall certificate, the admin says that he
> has no knowledge of a FW certificate. In the SecuRemote client, I
> extracted a certificate from the cert(:xxx) string but it's the
> certificate of the ca, and I'm using that one as certificate for the
> other endpoint.

Did you reverse the certificate string? If you have a pkcs12 client certificate you can extract a PEM version of the CA certificate from it, using openssl.

Check out this post:
http://lists.shrew.net/pipermail/vpn-help/2010-April/003254.html
for how to reverse the :cert() string and this
http://lists.shrew.net/pipermail/vpn-help/2010-April/003274.html
for mutual RSA with Checkpoint

> Is there anyone that has successfully connected from a linux client to
> a check point NGX R65?

yes, from debian unstable to R65 and R55

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
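
The PKCS#12 extraction suggested in the reply above, as an added example that is not part of the original message: it pulls the CA certificate out of the bundle, checks that the client certificate in the same bundle chains to it, and prints the client subject DN. The function name `extract_p12_ca` is hypothetical, and the bundle path, password and output directory are supplied by the caller.

```shell
# Added example: split a PKCS#12 bundle into CA and client certificates,
# check that the client certificate chains to the extracted CA, and print
# the client subject DN (useful when the DN is used as the IKE identity).

# extract_p12_ca <bundle.p12> <password> <out_dir>   (hypothetical helper)
# Writes <out_dir>/ca.pem and <out_dir>/client.pem, prints the client DN.
# Exit codes: 2 = no CA certificate in the bundle (or wrong password),
#             3 = no client certificate,
#             4 = client certificate does not verify against the CA.
extract_p12_ca() (
    p12=$1 pass=$2 out=$3
    pem_only='/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
    mkdir -p "$out" || exit 1

    # -nokeys keeps the private key out of the output. -cacerts selects the
    # certificates without a matching private key in the bundle, -clcerts
    # the one(s) with a matching key.
    P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nokeys -cacerts 2>/dev/null | sed -n "$pem_only" > "$out/ca.pem"
    [ -s "$out/ca.pem" ] || { echo "no CA certificate extracted" >&2; exit 2; }

    P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null | sed -n "$pem_only" > "$out/client.pem"
    [ -s "$out/client.pem" ] || { echo "no client certificate extracted" >&2; exit 3; }

    # A CA file that did not issue the client certificate fails here.
    openssl verify -CAfile "$out/ca.pem" "$out/client.pem" >/dev/null 2>&1 ||
        { echo "client certificate does not chain to extracted CA" >&2; exit 4; }

    openssl x509 -in "$out/client.pem" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
)

# Stand-alone use: sh script.sh bundle.p12 'password' outdir
if [ "$#" -eq 3 ]; then
    extract_p12_ca "$1" "$2" "$3"
fi
```

Exit code 2 is the case to expect when the bundle was exported without its issuing chain; the CA certificate then has to come from another source.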
