Date: Sat, 27 Jul 2002 08:39:46 -0400 (EDT) From: Dru <dlavigne6@cogeco.ca> To: Matthew Grooms <mgrooms@seton.org> Cc: freebsd-questions@FreeBSD.ORG, <freebsd-security@FreeBSD.ORG> Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ... Message-ID: <20020727083722.A86804-100000@x1-6-00-80-c8-3a-b8-46.kico2.on.cogeco.ca> In-Reply-To: <sd411935.056@aus-gwia.aus.dcnhs.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 26 Jul 2002, Matthew Grooms wrote: > Hello, > > I have a freebsd related ipsec question. I have set up a checkpoint > vpn1/fw1 NG ( feature pack 2 )gateway for vpn connectivity to the > hospital I work for. Most of the guys on my team run linux/bsd at thier > house so I have set up encrypt rules in vpn1 to allow us connect to the > checkpoint box and tunnel into our network from home. In any case, one > of my coworkers has had pretty good success with the freeswan ( can > connect and route traffic ) but I am getting some weird behavior using > racoon/kame ipsec. I was hoping somone could help me out with this. I > have attached most configuration info in this email and am more than > willing to try just about anything to get this up and running. I could > even go so far as to set up a temporary profile in a sandbox if somone > who knows what they are doing would like take a stab at it. > > I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The > VPN1 side is set up to reflect my freebsd configuration. I am using > preshared keys for authentication 3des/md5 & pfs. ( although I have > tried a myriad of permutations ) The freebsd side is version 4.4 with > the following kernel options. <snip configs> Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will show the proposal exchange so you can see which parts aren't matching up. If that doesn't do it, send that output along with your racoon.conf file. Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020727083722.A86804-100000>