[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD / FireWall-1 encryption.

To: misc@openbsd.org
Subject: Re: OpenBSD / FireWall-1 encryption.
From: Philipp Buehler <lists@fips.de>
Date: Thu, 7 Mar 2002 06:26:34 +0100
Mail-Followup-To: misc@openbsd.org
References: <00a801c1c517$a776e070$9a025a3e@dpaikov> <sa8z956ziz.fsf@gweepery.stallion.oz.au>

On 07/03/2002, Christopher Biggs <chris@stallion.oz.au> wrote To misc@openbsd.org:
> > Has anyone tried and/or succeeded in configuring a VPN between an
> > OpenBSD box and a Check Point FireWall-1?
>
> Try "3DES-MD5-GRP2"

Could work, never tried it w/ NG for now. At least w/ 4.1 the
DH Group settings (which you cannot easily change in FW-1) are
a bit not so common.
FW-1 can use SHA-1, but I guess they have a weirdo DH group again
in the proposal.

Start isakmpd w/ -L and then look into the proposals w/
tcpdump -tvvvnr /var/run/isakmpd.pcap what the FW-1 is
sending as proposal, especially look for GROUP_DESCRIPTION
(easier to read then the debug from DA=99, since tcpdump
expands this to literal strings instead of numbers).

ciao
-- 
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?

References:
- OpenBSD / FireWall-1 encryption.
  - From: "Daniel Paikov" <dpaikov@checkpoint.com>
- Re: OpenBSD / FireWall-1 encryption.
  - From: Christopher Biggs <chris@stallion.oz.au>

Prev by Date: Re: D-Link and Linksys PCMCIA cards
Next by Date: Re: Sendmail smarthost
Prev by thread: Re: OpenBSD / FireWall-1 encryption.
Next by thread: Error "cvs [update aborted]: could not chdir to games/snake/snake: Not a directory"
Index(es):
- Date
- Thread