Integration of Check Point VPN-1®/Firewall-1® and FreeBSD IPsec

$FreeBSD: head/en_US.ISO8859-1/articles/checkpoint/article.sgml 39544 2012-09-14 17:47:48Z gabor $

This document explains how to configure a VPN tunnel between FreeBSD and Check Point's VPN-1®/Firewall-1®. Other documents provide similar information, but do not contain instructions specific to VPN-1/Firewall-1 and its integration with FreeBSD. These documents are listed at the conclusion of this paper for further reference.


1 Prerequisites

The following is a diagram of the machines and networks referenced in this document.

The FreeBSD gateway GW serves as a firewall and NAT device for “internal nets.”

The FreeBSD kernel must be compiled to support IPsec. Use the following kernel options to enable IPsec support in your kernel:

options         IPSEC           #IP security
options         IPSEC_ESP       #IP security (crypto; define w/ IPSEC)
options         IPSEC_DEBUG     #debug for IP security

For instructions on building a custom kernel, refer to the FreeBSD handbook. Please note that IP protocol 50 (ESP) and UDP port 500 must be open between the Firewall-1 host and the FreeBSD GW.

Also, racoon must be installed to handle key exchange. Racoon is part of the FreeBSD Ports Collection as security/racoon. The racoon configuration file will be covered later in this document.
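Before building the kernel it is easy to miss one of the options above, especially when an existing configuration file has them commented out. The following script is an added example, not part of the original article, that checks a kernel configuration file for the IPsec options listed above; it treats anything after `#` as a comment, so a commented-out option does not count. The file path and the set of required options are assumptions taken from this article (IPSEC_DEBUG is left optional because it only adds debugging output).

```sh
#!/bin/sh
# Added example (not from the article): verify that a FreeBSD kernel
# configuration file enables the IPsec options this article requires.
# Assumption: the options that must be present are IPSEC and IPSEC_ESP;
# IPSEC_DEBUG is optional, so it is only reported, never required.

REQUIRED_OPTIONS="IPSEC IPSEC_ESP"
OPTIONAL_OPTIONS="IPSEC_DEBUG"

# kernel_has_option FILE OPTION
# Succeeds when FILE contains an uncommented "options OPTION" line.
# Comments ("#...") are stripped first, so "#options IPSEC" is not a match.
kernel_has_option() {
    sed 's/#.*//' "$1" |
        awk -v opt="$2" '$1 == "options" && $2 == opt { found = 1 } END { exit !found }'
}

# check_ipsec_config FILE
# Reports each missing required option on stderr and returns the number
# of required options that are missing (0 means the kernel config is ready).
check_ipsec_config() {
    missing=0
    for opt in $REQUIRED_OPTIONS; do
        if ! kernel_has_option "$1" "$opt"; then
            echo "missing: options $opt" >&2
            missing=$((missing + 1))
        fi
    done
    for opt in $OPTIONAL_OPTIONS; do
        if kernel_has_option "$1" "$opt"; then
            echo "note: debug option $opt is enabled" >&2
        fi
    done
    return "$missing"
}

# Usage (path is an assumption; adjust to your kernel configuration file):
#   check_ipsec_config /usr/src/sys/i386/conf/GW
```

Run it against the configuration file you are about to build from; a non-zero exit status means at least one of the two required options is absent or commented out.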