iptables
Participant

Endpoint Security VPN certificate-based authentication on Linux

Hello,

I'm working for a client who uses Check Point Endpoint Security VPN for their remote access solutions. I have a server address and password-protected certificate (p12) which I can use to authenticate and get VPN access. This works fine on Windows using Check Point's client. 

How can I use the same certificate to connect to this VPN using a Linux endpoint, preferably using a terminal client?

I realize Check Point doesn't provide its own Linux client, but I would assume the protocols used aren't home-brewed, meaning an existing Linux client could probably be used (e.g. Openswan).

I couldn't find any guides or other form of documentation in Check Point's knowledge base, and all forum posts related to VPN+Linux discuss username+password-based authentication, not certificate-based.

Thanks for any help with this. 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

5. Can I use Check Point based Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrior) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.


4 Replies
iptables
Participant
Thanks for linking these, I hadn't seen them before.
Maybe I'm misunderstanding something, but it seems like these guides assume that the VPN client possesses intimate knowledge of the VPN server, such as the main internal IP address of the organization's Firewall object, or the server certificate's... private key? I may be missing something. The client on Windows only requires a VPN server hostname, and the client certificate - I would expect the same on Linux clients.
0 Kudos
PhoneBoy
Admin
The only official VPN client we support on Linux is SNX.
For more details on this, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Strongswan and Libreswan are Open Source clients that are not VPN clients specific to Check Point.
To work with a Check Point gateway, they require specific configuration that is detailed in these community-generated guides.
Formal support for Strongswan is planned for an upcoming release.
If you need something that is supported, we have a customer release where this is supported and official documentation can be provided.
Please contact your local office for details.

If none of the above meet your specific requirements, please discuss your precise requirements with your local Check Point office.
iptables
Participant
Got it, thanks for the info. Looking forward to seeing official Strongswan support.
0 Kudos