Unfortunately, we are using text messages (SMS) as the second factor. So this won't work for me.
We also try to use certificate based VPN connections with device certificates. The problem here is that our Checkpoint VPN teams knowledge is very limited when it comes to details.
There are many questions left such as:
- Do we use certificates for both? The VPN (ipsec) connection itself and L2TP?
- Would the most recent Fedora release be sufficient to establish a VPN connection or does one of the components (Network Manager L2TP plugin, Strongswan, ???) lack something?
- In order to debug would it not be better to use StrongSwan cli instead of l2tp-network-manager-gnome?
- I read something about the VPN gateway certificate. That I need it whenever I do not use the official Checkpoint client. True?
- What is the Remote ID?
- What the hell do i put in the phase 1 and phase 2 algorithm field?
- Which lifetimes should I set?
- Which checkboxes should be set?
- Which L2TP-PPP options should be set?
Can I extract answers to these questions from the Windows or Android Checkpoint client? What do I need from our Checkpoint VPN team?