connecting to a VPN behiind CheckPoint FW-1

connecting to a VPN behiind CheckPoint FW-1

Post by noon » Fri, 19 Nov 2004 13:16:55



 From Fedora Core1/2, the only way I could connect to a VPN behind FW-1
is by:

1) installing qemu
2) installing RedHat Linux 7.2/7.3 as the guest OS on qemu
3) installing CheckPoint's SecureClient on RedHat 7.2/7.3 that is on
qemu ...
4) Putting a bridge between the host OS and the guest OS via brctl

However, to actually connect to the hosts on the VPN, I would do:
1) ssh / telnet to the guest OS ( RedHat 7.2 /7.3 ), then
2) ssh / telnet to the hosts on the VPN

So far, this suits me well, if I only use telnet, ssh, ftp, etc...
but I cannot go directly from a shell in Fedora to the VPN.

Anyone got a better idea ?

 
 
 

1. VPN connection to a CheckPoint Firewall / FW-1

I need to connect to a VPN from Fedora Core 1. The only way at the moment is to use CheckPoint SecureRemote,
because the VPN server is using CheckPoint Firewall / FW-1 ( dont know the version ).
It's a colocation site / data centre.

The alternatives that I have found are:

1) Use CheckPoint's SecureRemote on linux:

http://www.checkpoint.com/techsupport/downloads_sr.html

Unfortunately, it will only work with RedHat 7.2/7.3 kernels, specifically ( from their documentation ):

        RedHat Linux version 7.2 & 7.3, kernel versions 2.4.9-7, 2.4.9-33, 2.4.18-5 and 2.4.18-10

        http://www.checkpoint.com/techsupport/downloads/html/securemote/sr-5-...

2) Use FreeSWAN. However, FreeSWAN development has stopped.

CheckPoint has a document on how to connect from FreeSWAN:

        http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-lin...

Unfortunately, it is quite old ( was still referring to RH 6.2 ) and it looks like that you need a fixed IP on the client side.

3) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using user-mode-linux with Fedora as the host OS.

Unfortunately, binary only modules will not work with user-mode-linux kernels.

4) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using plex86 with Fedora as the host OS.

However, there has been no activitity on plex86

5) Use CheckPoint's SecureRemote on winnt4/win2k guest OS using bochs with Fedora as the host OS.

However, was told that this will be too slow for everyday use.

6) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using bochs with Fedora as the host OS.

Have not tried yet

7) Use VMWare to run RH 7.2 guest OS on a Fedora host OS.

However, although it may work, it is an unsupported configuration since they will not support Fedora as the host OS.

        http://www.microway.com.au/catalog/vmware/vm_workstation_specs.stm

2. Q: aha247x: target 2 underflow?

3. How do you connect a Slackware box to a Checkpoint FW/VPN using DHCP cable modem?

4. SCSI driver for Internal SCSI device Compaq Prosignia

5. checkpoint fw-1 usable scripts available !

6. Programmable completion in Bash?

7. FW-1 vs Checkpoint opinions wanted

8. How do you tell the advocates apart ?

9. Checkpoint FW-1, Solaris Routing, and Two ISPs

10. Linux and Checkpoint FW-1

11. commercial firewall advice (checkpoint FW-1 under Linux?)

12. CHeckpoint FW-1 Trial version

13. telnetd on FW-1 checkpoint