Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] FreeSwan <-> CheckPoint
  • From: "J J" <c_peto@xxxxxxxxxxx>
  • Date: Tue, 04 Nov 2003 19:01:35 +0000
  • Message-id: <Sea2-F37EpTX5V3GykB000690ae@xxxxxxxxxxx>
You don't have to change ipsec.conf

Instead change ipsec.secrets

Where you have a line that says...

aaa.bbb.ccc.ddd : PSK "Rumpelstielzchen"

I am assuming that aaa.bbb.ccc.ddd is the external (internet) IP address of the Checkpoint box and is the external (internet) IP address of your Freeswan gateway?

I can't see what you have in your ipsec.conf for the leftid value because you have written


...that's fine - no point in telling mailing list private details! Just use whatever you have there in your ipsec.secrets file instead of the external (internet) IP address of your Freeswan gateway. Make sure to include the @ symbol as well!!

So your ipsec.secrets file will look something like...

# Must be same on both; generate on one and copy to the other.
aaa.bbb.ccc.ddd @.... : PSK "Rumpelstielzchen"

And that should be all that you need!

Because you have not changed ipsec.conf you will not need to restart ipsec but you will need to use this command...

ipsec auto --rereadsecrets that the pluto daemon will re read the secrets file.

Then try to bring up the connection again and tell us what happens!

Good luck,

From: "Thorsten Marquardt" <thom@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
To: c_peto@xxxxxxxxxxx (J J)
Subject: Re: [suse-security] FreeSwan <-> CheckPoint
Date: Tue, 4 Nov 2003 19:36:48 +0000 (MEST)


> Yes.
> The lookup of PSKs in ipsec.secrets uses "leftid" not "left" if it can.
> It's confusing because if you don't set "leftid" then it will default to the
> same value as "left"!

I'm not sure that I understand you right. So would you advice me to delete leftid
from ipsec.conf or build an ipsec.secrets like:

# Must be same on both; generate on one and copy to the other. : PSK "Rumpelstielzchen"

thank you so far.



bye bye (c) by Thom | Thorsten Marquardt
| EMail: THOM@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Member of the pzt project.

On the move? Get Hotmail on your mobile phone

< Previous Next >