[strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

Sucha Singh soorma_j4tt at yahoo.co.uk
Sun Feb 28 13:04:36 CET 2010


I'm looking to use strongSwan to connect to my company CheckPoint VPN, as I am new to Linux and networking I am really struggling to get anything working.  I have a Actividentity token that generates a password that authenticates against a RADIUS server, below is a list of facts I know from my CheckPoint config from Windows:

I have an IP address for company site
Authentication - Challenge Response
NAT-T protocol - enabled
Office Mode - enabled
Use NAT traversal tunneling - enabled
IKE over TCP - enabled
Force UDP encapsulation - enabled

I have attempted to use the Network Manager GUI to connect but it fails with "VPN service failed to start", the syslog file contains a host of errors.  The settings I attempted were:

Address - IP address of my company site
Certificate - None

Authentication - EAP
Username - My id I use for my token to generate password

Options -
Request an inner IP address - unchecked
Enforce UDP encapsulation - checked
Use IP compression - unchecked

My questions would be:

1) Does strongSwan support the protocols/authentication methods I describe for CheckPoint VPN
2) If yes, then does my setup through Network Manager look correct
3) If yes, then is it a case of posting the sys.log errors for someone to kindly look at

I appreciate anyone's help and time with this.




More information about the Users mailing list