Hi Marcel, > Does anybody know if there are any news concerning freeswan and > Watchguard Firebox 2 interoperability? Some time ago I read that the two > would not work together, as Watchguard does not use triple DES during > the negotiation phase. Is there a patch around for freeswan? >
The new watchguard version 6.0 support both DES types in phase 1
(DES/3DES). So you should be able to create a static tunnel between the
friebox and you freeswan host.
If you would like to create a dynamic tunnel (dynamic ip for freeswan),
the freeswan must support the aggressive mode, and I'm not sure if
freeswan supports this.
Btw: I have two tunnels between a firebox and some OpenBSD Host and it
works great. So I think with the new 6.0 version this should be no
problem for FreeSwan.
You can take a look at the following url to see a sample config for 6.0:
http://jade.viastore.de/~tsauter/files/howtos/watchguard-vpn.php
Happy ipsec'ing
Thorsten
--
Thorsten Sauter
<[EMAIL PROTECTED]>
(Is there life after /sbin/halt -p?)
pgpJBCj4H3lC6.pgp
Description: PGP signature
