Heya,

I've created IPSec tunnels to netscreen devices from CentOS using the built-in ipsec-tools (aka racoon), but had to upgrade to a newer version (0.6.5 at the time) because I needed NAT-T and X-Auth support. The only real catch I had was that I needed to upgrade to kernel 2.6.16 or newer to get the IPTables and NAT'ing to work properly coming out of the tunnel. The other fun part was trying to line up vendor terminology vs racoon terminology.

Never tried to connect to a checkpoint device... but that NAT'ing problem took a few weeks to track down that I needed to upgrade the kernel, so I figured I would mention it!

Mike

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Dag Wieers
Sent: August 21, 2006 9:12 AM
To: centos at centos.org
Subject: [CentOS] Connecting CentOS to IPSEC VPN (Checkpoint FW1)

Hi,

Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1)?

Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN?

I'd be testing tomorrow and I'm interested in experiences others have had and things to look out for.

Thanks in advance,
--
dag wieers, dag at wieers.com, http://dag.wieers.com/
--
[all I want is a warm bed and a kind word and unlimited power]