Checkpoint Firewall Client on AMD64
Hi all, Just wondering if anyone has managed to install the Checkpoint SecureClient under AMD64 at all? I just started a new job this week and need remote access for when I'm on call, and I have a VPN token and need to use the Checkpoint client. Unfortunately, they only supply RedHat 7.2/7.3 software, and there's lots of warnings and errors when I alien the package. I'm currently running Sid, but am considering going back to Sarge because I don't get the time to do all the updates any more. However, a deciding factor is if I have to do a dual boot with XP so I can use remote access... Any ideas greatly appreciated! Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
Clive Menzies wrote: I can't help with your question re: Checkpoint but I'm in the same postion of having to reboot into XP for VPN remote access. I came up with the following possibilities and have had a cursory look at vpnc: [EMAIL PROTECTED]:~$ apt-cache search vpn | grep client vpnc - Cisco-compatible VPN client webmin-pptp-client - PPTP client configuration module for webmin I don't particularly want to install webmin just for this functionality. So I too would welcome feedback from someone whose using a VPN client. Regards Clive Thanks Clive, glad to see I'm not the only one in this position. I have no intention of installing RedHat (I'd rather dual boot XP!), but I have seen somewhere on a Google search that FreeSwan will talk to Checkpoint, but as I know next to nothing about either at this stage, that sounds like a rather hard path to take, although I might be wrong. Also, I thought FreeSwan was just for IPSec VPN's, but the company I'm working for now are talking PIN numbers and the VPN token, so it may not be that simple. Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
On (29/06/05 21:22), Pete wrote: Clive Menzies wrote: I can't help with your question re: Checkpoint but I'm in the same postion of having to reboot into XP for VPN remote access. I came up with the following possibilities and have had a cursory look at vpnc: [EMAIL PROTECTED]:~$ apt-cache search vpn | grep client vpnc - Cisco-compatible VPN client webmin-pptp-client - PPTP client configuration module for webmin Thanks Clive, glad to see I'm not the only one in this position. I have no intention of installing RedHat (I'd rather dual boot XP!), but I have seen somewhere on a Google search that FreeSwan will talk to Checkpoint, but as I know next to nothing about either at this stage, that sounds like a rather hard path to take, although I might be wrong. Also, I thought FreeSwan was just for IPSec VPN's, but the company I'm working for now are talking PIN numbers and the VPN token, so it may not be that simple. I just looked at openswan but on trying to install it got: WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. openswan ipsec-tools libgmp3 gawk host Given the functionality involved, I'm a little hesitant to proceed - just call me wimp ;) It too is IPSec based but the router I connect to allows both IPSec and PPTP. Regards Clive -- www.clivemenzies.co.uk ... ...strategies for business -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
On Wed, Jun 29, 2005 at 12:14:50PM +0100, Clive Menzies wrote: I can't help with your question re: Checkpoint but I'm in the same postion of having to reboot into XP for VPN remote access. I came up with the following possibilities and have had a cursory look at vpnc: [EMAIL PROTECTED]:~$ apt-cache search vpn | grep client vpnc - Cisco-compatible VPN client webmin-pptp-client - PPTP client configuration module for webmin I don't particularly want to install webmin just for this functionality. So I too would welcome feedback from someone whose using a VPN client. Well you would not want pptp for anything, so the webmin module isn't interesting. PPTP is really that bad. NT4 was really about the only thing to ever try to promote it until the flaws in the encryption system were shown to make it very insecure. For IPsec you can use the openswan code along with the kernel modules for IPsec, or you could use something like the cisco compatible one (which is also IPsec based I believe). Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
On Wed, Jun 29, 2005 at 09:22:55PM +1000, Pete wrote: Thanks Clive, glad to see I'm not the only one in this position. I have no intention of installing RedHat (I'd rather dual boot XP!), but I have seen somewhere on a Google search that FreeSwan will talk to Checkpoint, but as I know next to nothing about either at this stage, that sounds like a rather hard path to take, although I might be wrong. Also, I thought FreeSwan was just for IPSec VPN's, but the company I'm working for now are talking PIN numbers and the VPN token, so it may not be that simple. It is quite likely openswan (decendany of freeswan) can talk to checkpoint, but that doesn't mean it can necesaily deal with any proprietary authentication options they added. If people use just the normal features, interoperability is usually simple. Add weird complicated non standard features, and life becomes much harder if you want to use any other vendors stuff. You could always install a 32bit chroot and try to use the redhat package in there (perhaps running rpm to extract it (not install it) or alien to convert to a tar file, would let you place it in /usr/local of the chroot and use it from there). Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
Lennart Sorensen wrote: On Wed, Jun 29, 2005 at 01:20:05PM +0100, Clive Menzies wrote: I just looked at openswan but on trying to install it got: WARNING: untrusted versions of the following packages will be installed! Never seen that message before. Are you running some silly signature checking feature in apt or debsigs? If so expect to see a lot of that until some day when all debian packages are actually signed. Debian packages _are_ signed, and have been for a while. The amd64 packages are signed with a different key to the standard Debian ones, though, so maybe you need to tell apt where to get the signature from? curl http://amd64.debian.net/archive.key | apt-key add - (Untested but should do the trick.) Cameron. signature.asc Description: Digital signature
Re: Checkpoint Firewall Client on AMD64
On (29/06/05 08:24), Lennart Sorensen wrote: Well you would not want pptp for anything, so the webmin module isn't interesting. PPTP is really that bad. NT4 was really about the only thing to ever try to promote it until the flaws in the encryption system were shown to make it very insecure. For IPsec you can use the openswan code along with the kernel modules for IPsec, or you could use something like the cisco compatible one (which is also IPsec based I believe). Thanks Len I shall go and dig around the router docs and and ensure only IPSec connections are allowed. Regards Clive -- www.clivemenzies.co.uk ... ...strategies for business -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
This one time, at band camp, Pete said: Hi all, Just wondering if anyone has managed to install the Checkpoint SecureClient under AMD64 at all? I just started a new job this week and need remote access for when I'm on call, and I have a VPN token and need to use the Checkpoint client. Unfortunately, they only supply RedHat 7.2/7.3 software, and there's lots of warnings and errors when I alien the package. I'm currently running Sid, but am considering going back to Sarge because I don't get the time to do all the updates any more. However, a deciding factor is if I have to do a dual boot with XP so I can use remote access... Any ideas greatly appreciated! You really should only need the openswan package. the 2.6 kernel has a native ipsec stack, so you don't even have to compile extra modules. I have used openswan against a checkpoint router with success, although I suppose it would depend on the configuration being used on the checkpoint. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: Checkpoint Firewall Client on AMD64
Lennart Sorensen wrote: On Wed, Jun 29, 2005 at 09:22:55PM +1000, Pete wrote: Thanks Clive, glad to see I'm not the only one in this position. I have no intention of installing RedHat (I'd rather dual boot XP!), but I have seen somewhere on a Google search that FreeSwan will talk to Checkpoint, but as I know next to nothing about either at this stage, that sounds like a rather hard path to take, although I might be wrong. Also, I thought FreeSwan was just for IPSec VPN's, but the company I'm working for now are talking PIN numbers and the VPN token, so it may not be that simple. It is quite likely openswan (decendany of freeswan) can talk to checkpoint, but that doesn't mean it can necesaily deal with any proprietary authentication options they added. If people use just the normal features, interoperability is usually simple. Add weird complicated non standard features, and life becomes much harder if you want to use any other vendors stuff. You could always install a 32bit chroot and try to use the redhat package in there (perhaps running rpm to extract it (not install it) or alien to convert to a tar file, would let you place it in /usr/local of the chroot and use it from there). Len Sorensen Thanks Len, I tried to install it in my ia32 chroot last night, but I was using my laptop from upstairs and XDMCP to my PC, so the display wasn't set in the chroot and I couldn't be bothered sorting that out at the time due to my current flu symptoms... Anyway, I'll have another go at this while I'm sitting at my PC and see if that's a bit better. I'll also see if I can find out today what the actual deal is in terms of if it's just plain IPSec or more than that. Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Checkpoint Firewall Client on AMD64
Stephen Gran wrote: This one time, at band camp, Pete said: Hi all, Just wondering if anyone has managed to install the Checkpoint SecureClient under AMD64 at all? I just started a new job this week and need remote access for when I'm on call, and I have a VPN token and need to use the Checkpoint client. Unfortunately, they only supply RedHat 7.2/7.3 software, and there's lots of warnings and errors when I alien the package. I'm currently running Sid, but am considering going back to Sarge because I don't get the time to do all the updates any more. However, a deciding factor is if I have to do a dual boot with XP so I can use remote access... Any ideas greatly appreciated! You really should only need the openswan package. the 2.6 kernel has a native ipsec stack, so you don't even have to compile extra modules. I have used openswan against a checkpoint router with success, although I suppose it would depend on the configuration being used on the checkpoint. Thanks Stephen, I'm glad to hear someone's done it before! In the past, I've only used PPTP (ugly) VPN's and IPSec tunnels between SnapGears, so Checkpoint is all new to me, and I'll never claim to be an expert on IPSec in general either. I'll see how I go and report back to the list when I know some more. Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]