VPN connection to a CheckPoint Firewall / FW-1

Post by noon » Sat, 24 Apr 2004 15:09:42



I need to connect to a VPN from Fedora Core 1. The only way at the moment is to use CheckPoint SecureRemote,
because the VPN server is using CheckPoint Firewall / FW-1 ( don't know the version ).
It's a colocation site / data centre.

The alternatives that I have found are:

1) Use CheckPoint's SecureRemote on linux:

http://www.checkpoint.com/techsupport/downloads_sr.html

Unfortunately, it will only work with RedHat 7.2/7.3 kernels, specifically ( from their documentation ):

        RedHat Linux version 7.2 & 7.3, kernel versions 2.4.9-7, 2.4.9-33, 2.4.18-5 and 2.4.18-10

        http://www.checkpoint.com/techsupport/downloads/html/securemote/sr-5-...

2) Use FreeSWAN. However, FreeSWAN development has stopped.

CheckPoint has a document on how to connect from FreeSWAN:

        http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-lin...

Unfortunately, it is quite old ( was still referring to RH 6.2 ) and it looks like you need a fixed IP on the client side.

3) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using user-mode-linux with Fedora as the host OS.

Unfortunately, binary only modules will not work with user-mode-linux kernels.

4) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using plex86 with Fedora as the host OS.

However, there has been no activity on plex86.

5) Use CheckPoint's SecureRemote on winnt4/win2k guest OS using bochs with Fedora as the host OS.

However, was told that this will be too slow for everyday use.

6) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using bochs with Fedora as the host OS.

Have not tried yet

7) Use VMWare to run RH 7.2 guest OS on a Fedora host OS.

However, although it may work, it is an unsupported configuration since they will not support Fedora as the host OS.

        http://www.microway.com.au/catalog/vmware/vm_workstation_specs.stm

 
 
 

Post by noon » Sat, 24 Apr 2004 15:13:45


Forgot to post my actual question:

Has anyone successfully connected to a VPN through a CheckPoint Firewall / FW-1,
from a Fedora installation, preferably?

1) ... from a dial-up connection to an ISP, thereby getting a dynamic IP

2) ... from within a LAN with private IP addresses using NAT on a single IP address ( assigned by ISP via an ADSL connection )

 
 
 

1. connecting to a VPN behind CheckPoint FW-1

 From Fedora Core1/2, the only way I could connect to a VPN behind FW-1
is by:

1) installing qemu
2) installing RedHat Linux 7.2/7.3 as the guest OS on qemu
3) installing CheckPoint's SecureClient on RedHat 7.2/7.3 that is on
qemu ...
4) Putting a bridge between the host OS and the guest OS via brctl

However, to actually connect to the hosts on the VPN, I would do:
1) ssh / telnet to the guest OS ( RedHat 7.2 /7.3 ), then
2) ssh / telnet to the hosts on the VPN

So far, this suits me well, if I only use telnet, ssh, ftp, etc...
but I cannot go directly from a shell in Fedora to the VPN.

Anyone got a better idea ?
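
The brctl bridge step and the two-hop login described in the post above, as an added example that is not part of the original thread. It assumes the host NIC is bridged together with a tap device for qemu, a current iproute2 and qemu on the host, OpenSSH 7.3 or later for `-J`, and constructed names and addresses (br0, tap0, eth0, 192.0.2.0/24). Commands are only printed unless DRY_RUN=0.

```shell
# Added example, not from the thread. Interface names, addresses and the
# bridged-uplink layout are assumptions; 192.0.2.0/24 values are constructed.
BRIDGE=${BRIDGE:-br0}                 # bridge created with brctl
TAP=${TAP:-tap0}                      # tap device handed to qemu
UPLINK=${UPLINK:-eth0}                # host NIC that joins the bridge
HOST_CIDR=${HOST_CIDR:-192.0.2.10/24} # host address, moved onto the bridge
GATEWAY=${GATEWAY:-192.0.2.1}         # default route to restore
DRY_RUN=${DRY_RUN:-1}                 # 1 = print only, 0 = execute (root)

run() {
    # Print the command; execute it only when DRY_RUN=0.
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

bridge_up() {
    run brctl addbr "$BRIDGE"
    run ip tuntap add dev "$TAP" mode tap
    run brctl addif "$BRIDGE" "$UPLINK"
    run brctl addif "$BRIDGE" "$TAP"
    # The host address belongs on the bridge once the NIC is a bridge port.
    run ip addr flush dev "$UPLINK"
    run ip addr add "$HOST_CIDR" dev "$BRIDGE"
    for dev in "$UPLINK" "$TAP" "$BRIDGE"; do run ip link set "$dev" up; done
    run ip route add default via "$GATEWAY" dev "$BRIDGE"
}

bridge_down() {
    run ip link set "$BRIDGE" down
    run brctl delif "$BRIDGE" "$TAP"
    run brctl delif "$BRIDGE" "$UPLINK"
    run brctl delbr "$BRIDGE"
    run ip tuntap del dev "$TAP" mode tap
    run ip addr add "$HOST_CIDR" dev "$UPLINK"
    run ip route add default via "$GATEWAY" dev "$UPLINK"
}

qemu_net_args() {
    # Attach the guest NIC to the tap; script=no because bridge_up did the setup.
    # rtl8139 is an assumed NIC model for the old guest kernel.
    echo "-netdev tap,id=n0,ifname=$TAP,script=no,downscript=no -device rtl8139,netdev=n0"
}

vpn_ssh_cmd() {
    # $1 = login on the guest, $2 = login on a VPN host. -J (ProxyJump) relays
    # the second hop through the guest while the session stays end-to-end SSH.
    echo "ssh -J $1 $2"
}
```

The guest's sshd must permit TCP forwarding for the `-J` hop; telnet and ftp sessions still have to be started from inside the guest.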
