CheckPoint vpn connectivity with FreeBSD as a Client

Fish fish at
Thu May 8 08:04:22 PDT 2003

I'm not subscribed, so please CC me on any responses.  Failing that,
I'll just check the archives periodically.

We have a CheckPoint VPN-1 box at the office, and can use SecuRemote for
W2K to VPN in.  I would like to set up my FreeBSD -Current laptop to
connect when I do not have access to make changes at the firewall
level.  That means I can't set up a shared secret and do it nice and
easy that way.  I've read some documentation, including what I thought
to be most relevant at the following addresses, and these are the
questions I still have for anyone who knows.

1. Without any access to the firewall/VPN server, is it possible to set
up my laptop with racoon to authenticate to the server?  Also please
note that the SecuRemote client setup prompts you for a username and
password which I can't seem to find any info on how to provide on the

2. One of the first things you have to do on the FreeBSD client side is
to set up the policy for what traffic should and should not be
encrypted, but one of the first things that happens with the SecuRemote
client is that it sends you the policy for which hosts are to have
encrypted communications et cetera.  How can this be dealt with?

3. Is this even possible?

In retrospect, question three probably should have been first.

Any information is greatly appreciated.



More information about the freebsd-net mailing list