You don't have to change ipsec.conf.

Instead change ipsec.secrets.

Where you have a line that says...

    aaa.bbb.ccc.ddd www.xxx.yyy.zzz : PSK "Rumpelstielzchen"

I am assuming that aaa.bbb.ccc.ddd is the external (internet) IP address of the Checkpoint box and www.xxx.yyy.zzz is the external (internet) IP address of your Freeswan gateway?

I can't see what you have in your ipsec.conf for the leftid value because you have written

    leftid=@....

...that's fine - no point in telling the mailing list private details!

Just use whatever you have there in your ipsec.secrets file instead of the external (internet) IP address of your Freeswan gateway. Make sure to include the @ symbol as well!!

So your ipsec.secrets file will look something like...

    # Must be same on both; generate on one and copy to the other.
    aaa.bbb.ccc.ddd @.... : PSK "Rumpelstielzchen"

And that should be all that you need!

Because you have not changed ipsec.conf you will not need to restart ipsec but you will need to use this command...

    ipsec auto --rereadsecrets

...so that the pluto daemon will re-read the secrets file.

Then try to bring up the connection again and tell us what happens!

Good luck,

Carl

From: "Thorsten Marquardt"
To: c_peto@hotmail.com (J J)
Subject: Re: [suse-security] FreeSwan <-> CheckPoint
Date: Tue, 4 Nov 2003 19:36:48 +0000 (MEST)

Hi,
Yes.
The lookup of PSKs in ipsec.secrets uses "leftid" not "left" if it can.
It's confusing because if you don't set "leftid" then it will default to the same value as "left"!
I'm not sure that I understand you right. So would you advise me to delete leftid from ipsec.conf or build an ipsec.secrets like:

    [...]
    # Must be same on both; generate on one and copy to the other.
    @the.left.id @the.right.id : PSK "Rumpelstielzchen"

thank you so far.
Thom
--
------------------------------------------------------------------- bye bye (c) by Thom | Thorsten Marquardt | EMail: THOM@kaupp.chemie.uni-oldenburg.de | Member of the pzt project. | http://kaupp.chemie.uni-oldenburg.de/pzt -------------------------------------------------------------------
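
Added example, not part of the original thread and not FreeS/WAN code: a small offline checker for the mismatch discussed above, where the PSK entry in ipsec.secrets is indexed by IP address while the conn sets leftid. The conn name, addresses, IDs and secret are constructed placeholders, and it assumes a single explicit conn section and exact-token matching only.

```python
import re

# Constructed sample inputs (placeholder addresses and IDs, not from the thread).
IPSEC_CONF = """\
conn checkpoint
    left=192.0.2.10
    leftid=@fsw.example.org
    right=198.51.100.20
    authby=secret
"""
SECRETS_BY_IP = '198.51.100.20 192.0.2.10 : PSK "constructed-secret"\n'
SECRETS_BY_ID = '198.51.100.20 @fsw.example.org : PSK "constructed-secret"\n'

def effective_ids(conf_text, conn):
    """Return (left_id, right_id): leftid/rightid if set, else left/right."""
    params, current = {}, None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header such as "conn name"
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
        elif current == conn and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip().strip('"')
    return (params.get("leftid", params.get("left")),
            params.get("rightid", params.get("right")))

def psk_selectors(secrets_text):
    """Yield the set of index tokens in front of each ': PSK' entry."""
    for line in secrets_text.splitlines():
        line = line.split("#", 1)[0]
        m = re.match(r'^(.*?):\s*PSK\s+"', line)
        if m:
            yield set(m.group(1).split())

def has_matching_psk(conf_text, secrets_text, conn):
    """True if some PSK entry lists both effective IDs of the conn."""
    ids = set(effective_ids(conf_text, conn))
    return None not in ids and any(ids <= sel for sel in psk_selectors(secrets_text))

if __name__ == "__main__":
    for name, secrets in (("by IP", SECRETS_BY_IP), ("by ID", SECRETS_BY_ID)):
        print(name, has_matching_psk(IPSEC_CONF, secrets, "checkpoint"))
```

After editing the real ipsec.secrets, the running pluto still needs `ipsec auto --rereadsecrets`, as described in the message above.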