[vpn-help] Shrew (debian lenny) to Checkpoint NGX R65
Carmelo Iannello
c.iannello at codices.com
Sun May 2 14:08:45 CDT 2010
Luca Arzeni wrote:
> Hi there,
> I'm trying to connect a client (debian lenny) with a checkpoint
> firewall NGX R65.
> I can connect with a SecuRemote client from a Windows XP client to a
> network behind the firewall.
> The same connection fails under linux, using Shrew.
>
> I followed the instructions on the Shrew site, with one difference:
> I'm using a mutual RSA authentication (I have no password... anyway
> the administrator of the firewall says that he cannot set any password
> on the firewall, so this should be correct).
> I use the DN of the certificates as id of the client and of the firewall.
>
> The connection fails after phase1, complaining that peer received a
> MALFORMED-PAYLOAD.
>
> I must say that I have no firewall certificate, the admin says that he
> has no knowledge of a FW certificate. In the SecuRemote client, I
> extracted a certificate from the cert(:xxx) string but it's the
> certificate of the ca, and I'm using that one as certificate for the
> other endpoint.
Did you reverse the certificate string?
If you have a pkcs12 client certificate you can extract a PEM version of
the CA certificate from it, using openssl.
Check out this post:
http://lists.shrew.net/pipermail/vpn-help/2010-April/003254.html
for how to reverse the :cert() string
and this
http://lists.shrew.net/pipermail/vpn-help/2010-April/003274.html
for mutual RSA with Checkpoint
> Is there anyone that has successfully connected from a linux client to
> a check point NGX R65?
Yes, from Debian unstable to R65 and R55.
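
The PKCS#12 extraction suggested in the reply above, as an added example that is not part of the original message: it pulls the CA certificate out of the bundle as PEM and checks that the client certificate was really issued by it. Function names, file names and the password `constructed` are assumptions, and the sample bundle is a constructed throwaway.

```shell
#!/bin/sh
# Added example. File names, function names and the password are assumptions.

# p12_ca_to_pem BUNDLE PASSWORD OUT
# -cacerts selects certificates that have no private key in the bundle;
# "openssl x509" then strips the bag attributes and keeps the first one.
p12_ca_to_pem() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys 2>/dev/null |
        openssl x509 -out "$3" 2>/dev/null
}

# p12_client_to_pem BUNDLE PASSWORD OUT: the certificate paired with the key.
p12_client_to_pem() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$3" 2>/dev/null
}

# issued_by CA CERT: succeeds when "openssl verify" accepts CERT with CA
# supplied as -CAfile.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_fp CERT: SHA-256 fingerprint, for comparing two copies of a certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# make_sample_p12 DIR: constructed throwaway CA and client certificate,
# bundled as DIR/client.p12 with the constructed password "constructed".
make_sample_p12() {
    (
        cd "$1" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.pem &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-client" -keyout client.key -out client.csr &&
        openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 1 -out client.pem &&
        openssl pkcs12 -export -inkey client.key -in client.pem \
            -certfile ca.pem -passout pass:constructed -out client.p12
    ) >/dev/null 2>&1
}
```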