Re: [Users] Freeswan + Checkpoint NG NO_PROPOSAL_CHOSEN

Hi, Jason...

On Thu, May 08, 2003 at 06:05:24PM +0100, Jason Aley wrote:
> I am trying to create an IPSEC tunnel between by Linux firewall running

That works perfectly at our site.

> Despite following the set-up guide verbatum I cannot create the tunnel

The last time I got this message there were problems with the "aggressive mode" setting at the Checkpoint Firewall. Another problem might be the "perfect forward secrecy" setting which must be identical on both the Checkpoint VPN-1 gateway and the FreeS/WAN VPN gateway. On the Checkpoint firewall you need to double-click on the "Encrypt" icon and enter the properties of "IKE" to uncover the PFS flag.

There are however other times when "No proposal chosen" can come up. We had it with our Checkpoint firewall when the topology of the firewall object did not match the interfaces. Checkpoint is garbage in many aspects. This might be one. ;)

> I am able to ping the remote firewall unencrypted so am confident of

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

You would get other error messages in case there were routing errors.

> An example log is included below - Any help on this matter would be

I'm terribly bad at reading the FreeS/WAN logs. So I'm just guessing. :)

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users