This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
iptables
Participant
‎2020-05-17 12:59 AM
Jump to solution

Endpoint Security VPN certificate-based authentication on Linux

Hello,

I'm working for a client who uses Check Point Endpoint Security VPN for their remote access solutions. I have a server address and password-protected certificate (p12) which I can use to authenticate and get VPN access. This works fine on Windows using Check Point's client. 

How can I use the same certificate to connect to this VPN using a Linux endpoint, preferably using a terminal client?

I realize Check Point doesn't provide its own Linux client, but I would assume the protocols used aren't home-brewed, meaning an existing Linux client could probably be used (e.g. Openswan).

I couldn't find any guides or other form of documentation in Check Point's knowledge base, and all forum posts  related to VPN+Linux discuss username+password-based authentication, not certificate-based. 

Thanks for any help with this. 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2020-05-17 07:51 AM
Jump to solution

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

 

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

View solution in original post

4 Replies
_Val_
Admin
Admin
‎2020-05-17 07:51 AM
Jump to solution

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

 

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

iptables
Participant
‎2020-05-17 09:57 AM
In response to _Val_
Jump to solution

Thanks for linking these, I hadn't seen them before.
Maybe I'm misunderstanding something, but it seems like these guides assume that the VPN client possesses intimate knowledge of the VPN server, such as the main internal IP address of the organization's Firewall object, or the server certificate's... private key? I may be missing something. The client on Windows only requires a VPN server hostname, and the client certificate - I would expect the same on Linux clients.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-17 05:31 PM
In response to iptables
Jump to solution

The only official VPN client we support on Linux is SNX.
For more details on this, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Strongswan and Libreswan are Open Source clients that are not VPN clients specific to Check Point.
To work with a Check Point gateway, they require specific configuration that are detailed in these community-generated guides.
Formal support for Strongswan is planned for an upcoming release.
If you need something that is supported, we have a customer release where this is supported and official documentation can be provided.
Please contact your local office for details.

If none of the above meet your specific requirements, please discuss your precise requirements with your local Check Point office.
iptables
Participant
‎2020-05-18 01:33 AM
In response to PhoneBoy
Jump to solution

Got it, thanks for the info. Looking forward to seeing official Strongswan support.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top