Endpoint Security VPN certificate-based authentication on Linux


Hello,

I'm working for a client who uses Check Point Endpoint Security VPN for their remote access solutions. I have a server address and password-protected certificate (p12) which I can use to authenticate and get VPN access. This works fine on Windows using Check Point's client. 

How can I use the same certificate to connect to this VPN using a Linux endpoint, preferably using a terminal client?

I realize Check Point doesn't provide its own Linux client, but I would assume the protocols used aren't home-brewed, meaning an existing Linux client could probably be used (e.g. Openswan).

I couldn't find any guides or other form of documentation in Check Point's knowledge base, and all forum posts related to VPN+Linux discuss username+password-based authentication, not certificate-based.

Thanks for any help with this. 

Accepted Solutions

Re: Endpoint Security VPN certificate-based authentication on Linux


Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

5. Can I use Check Point based Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrior) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

Re: Endpoint Security VPN certificate-based authentication on Linux

Thanks for linking these, I hadn't seen them before.
Maybe I'm misunderstanding something, but it seems like these guides assume that the VPN client possesses intimate knowledge of the VPN server, such as the main internal IP address of the organization's Firewall object, or the server certificate's... private key? I may be missing something. The client on Windows only requires a VPN server hostname, and the client certificate - I would expect the same on Linux clients.

Re: Endpoint Security VPN certificate-based authentication on Linux

The only official VPN client we support on Linux is SNX.
For more details on this, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Strongswan and Libreswan are Open Source clients that are not VPN clients specific to Check Point.
To work with a Check Point gateway, they require specific configuration that is detailed in these community-generated guides.
Formal support for Strongswan is planned for an upcoming release.
If you need something that is supported, we have a customer release where this is supported and official documentation can be provided.
Please contact your local office for details.

If none of the above meet your specific requirements, please discuss your precise requirements with your local Check Point office.

Re: Endpoint Security VPN certificate-based authentication on Linux

Got it, thanks for the info. Looking forward to seeing official Strongswan support.