On Thu, Mar 29 2007 at 44:08, Sebastian Reitenbach wrote:
> Hi list,
Hi,

> I have a problem to setup an ipsec tunnel between my openbsd box and a
> checkpoint firewall.
[...]
> I had no problem to get a tunnel working between two openbsd 4.0 hosts with
> the above configuration file, so I think my problem can only be the timings 
> of the renegotiations. What are the default renegotiation timings, and where 
> should I configure these?

The default SA lifetimes are described in the man page of isakmpd.conf:

           [General]
           Default-phase-1-lifetime=       3600,60:86400
           Default-phase-2-lifetime=       1200,60:86400

OpenBSD will accept lifetimes between 60 and 86400 seconds with a
default of 1 hour for phase 1 and 20 minutes for phase 2.
As you wrote, default Checkpoint lifetimes are 1440 min for phase 1
(86400 seconds) and 3600 seconds for phase 2. I doubt it's a lifetime
problem.

The configuration should work, at least it works here between Checkpoint
R61 and OpenBSD 4.0.
Could you provide us some error messages please? Messages from the
Checkpoint side would help too :)

Claer
