vpn vyatta -> checkpoint help

lucasbuck

Hi,

I am trying to connect a Vyatta IPsec VPN to a Checkpoint NG.

I believe all the settings are correct, but I am confused with this log output:

Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: initiating Main Mode
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: I did not send a certificate because I do not have one.
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: Main mode peer ID is ID_IPV4_ADDR: '212.xxx.181.6'
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: we require peer to have ID '84.xxx.249.130', but peer declares '212.xxx.181.6'
Aug 18 01:55:41 chef-mvno-vpn-02 pluto[16630]: "peer-84.xxx.249.130-tunnel-1" #1: sending encrypted notification INVALID_ID_INFORMATION to 84.xxx.249.130:500

What really confuses me is a different IP being returned?!

we require peer to have ID '84.xxx.249.130', but peer declares '212.xxx.181.6'

Can anyone point me in the right direction?

Thanks

lucasbuck

Update

I was able to get round this problem by adding

rightid=212.xxx.181.6

manually into the /etc/ipsec.conf file and adding

84.xxx.249.130 212.xxx.181.6 = key

manually into the /etc/ipsec.secrets file

However, if I restart the IPsec tunnel, these are removed by Vyatta.
Is there any way to keep these, or set them in Vyatta?

Thanks
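
A log check for the failure shown in this thread, as an added example that is not part of the original posts: it scans pluto output for the "we require peer to have ID" message and reports, per connection, the configured ID, the ID the peer declared, and the ID type from the preceding "Main mode peer ID is" line. The sample log is constructed (documentation addresses), and the function names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample in the format of the pluto lines quoted in the post;
# the addresses are documentation ranges, not the poster's.
SAMPLE_LOG = """\
Aug 18 01:55:41 gw pluto[16630]: "peer-192.0.2.10-tunnel-1" #1: initiating Main Mode
Aug 18 01:55:41 gw pluto[16630]: "peer-192.0.2.10-tunnel-1" #1: Main mode peer ID is ID_IPV4_ADDR: '198.51.100.6'
Aug 18 01:55:41 gw pluto[16630]: "peer-192.0.2.10-tunnel-1" #1: we require peer to have ID '192.0.2.10', but peer declares '198.51.100.6'
Aug 18 01:55:41 gw pluto[16630]: "peer-192.0.2.10-tunnel-1" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:500
Aug 18 01:56:21 gw pluto[16630]: "peer-192.0.2.10-tunnel-1" #2: we require peer to have ID '192.0.2.10', but peer declares '198.51.100.6'
Aug 18 01:57:02 gw pluto[16630]: "peer-203.0.113.7-tunnel-1" #3: Main mode peer ID is ID_IPV4_ADDR: '203.0.113.7'
"""

Mismatch = namedtuple("Mismatch", "conn expected declared id_type count")

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (?P<type>ID_\w+): '(?P<id>[^']*)'")
REQUIRE = re.compile(
    r"we require peer to have ID '(?P<exp>[^']*)', but peer declares '(?P<dec>[^']*)'")

def find_id_mismatches(log_text):
    """Return one Mismatch per (connection, expected ID, declared ID) in the log."""
    id_types = {}  # (conn, declared id) -> ID type announced by the peer
    counts = {}    # (conn, expected, declared) -> number of rejections logged
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a pluto connection line
        conn, msg = m["conn"], m["msg"]
        if (p := PEER_ID.search(msg)):
            id_types[(conn, p["id"])] = p["type"]
        elif (r := REQUIRE.search(msg)):
            key = (conn, r["exp"], r["dec"])
            counts[key] = counts.get(key, 0) + 1
    return [Mismatch(c, e, d, id_types.get((c, d), "unknown"), n)
            for (c, e, d), n in counts.items()]

def summarize(mismatches):
    """One human-readable line per mismatch, for review with the peer's admin."""
    return [f"{m.conn}: configured peer ID {m.expected}, peer declared "
            f"{m.declared} ({m.id_type}), rejected {m.count}x" for m in mismatches]

if __name__ == "__main__":
    for line in summarize(find_id_mismatches(SAMPLE_LOG)):
        print(line)
```

The declared ID is worth confirming with the remote gateway's administrator before it is configured, since the pre-shared key entry is selected by that identity.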