[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] VPN -1 Client in Linux
We got it to work using these settings in ipsec.conf : Of course , set-up your subnets and other info # basic configuration config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces=%defaultroute # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=none plutodebug=none # Use auto= parameters in conn descriptions to control startup actions. plutoload=%search plutostart=%search # Close down old connection when new one using same ID shows up. uniqueids=yes # X VPN connection conn "connection name" # Left security gateway, subnet behind it, next hop toward right. left= leftsubnet= leftnexthop= # Right security gateway, subnet behind it, next hop toward left. right= rightsubnet= rightnexthop= # Start this connection on IPSec Startup auto=start # Perfect Forward Secrecy ( pfs=no # Encrypt sessions auth=esp # IKE key exchange (only option) keyexchange=ike # Encryption type for sessions (3des-sha1-96) esp=3des-md5-96 # encryption/authentication keys (ESP SA) keylife=55m # ISAKMP SA ikelifetime=90m # attempts to negotiate a connection (0=never give up) keyingtries=0 # how long before connection expiry should attempts to negotiate a replacement key begin rekeymargin=9m -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Michael S. Hobbs Sent: Friday, November 30, 2001 12:52 PM To: [email protected] Subject: [FW-1] VPN -1 Client in Linux Has anyone had any experience or know of some online resources to help me set up a VPN connection to my FW-1 in Linux? I tried the Free S/WAN approach as detailed in a PDF I found on Checkpoint's web site. Is this the best approach? If so, has anyone gotten this to work properly. Thanks, Michael S. Hobbs Unicon, Inc. PhoneCellFax=============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|