
Re: OpenBSD / FireWall-1 encryption.



"Daniel Paikov" <dpaikov@checkpoint.com> moved upon the face of the 'Net and spake thusly:

> Has anyone tried and/or succeeded in configuring a VPN between an
> OpenBSD box and a Check Point FireWall-1?

Yes.  (Using an eval copy of FW-NG)

> I'm having some difficulties in doing this (phase 1 fails, can't get any
> further than that), so I wonder if anyone can send a sample isakmpd.conf
> and whatever else is needed for such a configuration.
>
>
> [Default-main-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          ID_PROT
> Transforms=             3DES-SHA
>

Try "3DES-MD5-GRP2"

You'll need the latest CVS isakmpd for this proposal to be part of the
predefined configuration, else you will have to define that proposal
yourself:

      [3DES-MD5-GRP2]
      ENCRYPTION_ALGORITHM=   3DES_CBC
      HASH_ALGORITHM=         MD5
      AUTHENTICATION_METHOD=  PRE_SHARED
      GROUP_DESCRIPTION=      MODP_1024
      LIFE=                   ANY


-- 
Christopher Biggs -- chris@stallion.oz.au -- Stallion Technologies Australia.
There's a bug in my mailer that mangles my sig but V guvax V'ir svkrq vg abj.
Uneqyl jbegu qrpbqvat, jnf vg? Rznvy zr "Fhowrpg: fraqctcxrl" sbe zl CTC xrl.
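
Added example (not part of the original message, and not isakmpd's own code): a small Python check that lists which phase 1 transforms named in an isakmpd.conf main-mode section are defined in the file, as the reply says may be necessary, so the resolved parameters can be compared with the peer's settings. The sample file is constructed from the sections quoted above; `parse_conf`, `phase1_proposals` and the caller-supplied `predefined` set are hypothetical names, and `#` is assumed to start a comment.

```python
import re

# Constructed sample: the poster's main-mode section with the transform
# suggested in the reply added, plus the hand-written definition of it.
SAMPLE_CONF = """\
[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-MD5-GRP2,3DES-SHA

[3DES-MD5-GRP2]
ENCRYPTION_ALGORITHM=   3DES_CBC
HASH_ALGORITHM=         MD5
AUTHENTICATION_METHOD=  PRE_SHARED
GROUP_DESCRIPTION=      MODP_1024
LIFE=                   ANY
"""

def parse_conf(text):
    """Parse isakmpd.conf-style text into {section: {tag: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections

def phase1_proposals(sections, predefined=()):
    """Resolve the Transforms list of every main-mode (ID_PROT) section."""
    report = {}
    for name, body in sections.items():
        if body.get("EXCHANGE_TYPE") != "ID_PROT":
            continue
        resolved = {}
        for t in filter(None, (x.strip() for x in body.get("Transforms", "").split(","))):
            if t in sections:
                resolved[t] = sections[t]      # defined by hand in this file
            elif t in predefined:
                resolved[t] = "predefined"     # caller says this build ships it
            else:
                resolved[t] = None             # no definition found: write one
        report[name] = resolved
    return report
```

Pass the transform names your isakmpd build already ships as `predefined`; any entry that comes back as `None` needs its own section like the one in the reply.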