Re: OpenBSD / FireWall-1 encryption.
On 07/03/2002, Christopher Biggs <firstname.lastname@example.org> wrote To email@example.com:
> > Has anyone tried and/or succeeded in configuring a VPN between an
> > OpenBSD box and a Check Point FireWall-1?
> Try "3DES-MD5-GRP2"
Could work, never tried it w/ NG for now. At least w/ 4.1 the
DH Group settings (which you cannot easily change in FW-1) are
a bit not so common.
FW-1 can use SHA-1, but I guess they have a weirdo DH group again
in the proposal.
Start isakmpd w/ -L and then look into the proposals w/
tcpdump -tvvvnr /var/run/isakmpd.pcap what the FW-1 is
sending as proposal, especially look for GROUP_DESCRIPTION
(easier to read than the debug from DA=99, since tcpdump
expands this to literal strings instead of numbers).
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p>
#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?
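
Added example, not part of the original post: a small filter for the tcpdump step described above. It turns each phase 1 transform in the dump into an isakmpd-style name such as the "3DES-MD5-GRP2" quoted earlier, and flags any DH group that has no -GRPn name. The "attribute NAME = VALUE" line layout, the name mapping and the sample lines are assumptions, and the sample is constructed rather than captured from a FW-1.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads "tcpdump -tvvvn" text on stdin and prints one isakmpd-style transform
# name per IKE phase 1 transform, e.g. 3DES-MD5-GRP2.
# Assumption: attributes appear as "attribute NAME = VALUE" lines.
summarise_proposals() {
    awk '
    function emit() {
        if (!seen) return
        e = (enc in E) ? E[enc] : "UNKNOWN(" enc ")"
        h = (hash in H) ? H[hash] : "UNKNOWN(" hash ")"
        g = (grp in G) ? G[grp] : "UNKNOWN(" grp ")"
        print e "-" h "-" g
        seen = 0; enc = ""; hash = ""; grp = ""
    }
    BEGIN {
        E["DES_CBC"] = "DES"; E["3DES_CBC"] = "3DES"
        E["BLOWFISH_CBC"] = "BLF"; E["CAST_CBC"] = "CAST"
        H["MD5"] = "MD5"; H["SHA"] = "SHA"
        # IKE groups 1, 2 and 5 are the ones assumed to have a -GRPn suffix
        G["MODP_768"] = "GRP1"; G["MODP_1024"] = "GRP2"; G["MODP_1536"] = "GRP5"
    }
    $1 == "transform:" { emit(); next }   # new transform: flush the previous one
    $1 == "attribute" && $3 == "=" {
        seen = 1
        if ($2 == "ENCRYPTION_ALGORITHM") enc = $4
        else if ($2 == "HASH_ALGORITHM") hash = $4
        else if ($2 == "GROUP_DESCRIPTION") grp = $4
    }
    END { emit() }
    '
}

# Constructed sample input, not a capture from a real FW-1.
sample_dump() {
    cat <<'EOF'
    transform: 0 ID: ISAKMP
        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
        attribute HASH_ALGORITHM = MD5
        attribute GROUP_DESCRIPTION = MODP_1024
    transform: 1 ID: ISAKMP
        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
        attribute HASH_ALGORITHM = SHA
        attribute GROUP_DESCRIPTION = EC2N_155
EOF
}

# Real use: tcpdump -tvvvnr /var/run/isakmpd.pcap | summarise_proposals
sample_dump | summarise_proposals
```

An UNKNOWN(...) field marks a transform that none of the mapped names covers, which is the case where the peer's proposal has to be matched with an explicitly defined transform.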