This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
iptables
Participant
‎2020-05-17 12:59 AM

Endpoint Security VPN certificate-based authentication on Linux

Jump to solution

Hello,

I'm working for a client who uses Check Point Endpoint Security VPN for their remote access solutions. I have a server address and password-protected certificate (p12) which I can use to authenticate and get VPN access. This works fine on Windows using Check Point's client. 

How can I use the same certificate to connect to this VPN using a Linux endpoint, preferably using a terminal client?

I realize Check Point doesn't provide its own Linux client, but I would assume the protocols used aren't home-brewed, meaning an existing Linux client could probably be used (e.g. Openswan).

I couldn't find any guides or other form of documentation in Check Point's knowledge base, and all forum posts  related to VPN+Linux discuss username+password-based authentication, not certificate-based. 

Thanks for any help with this. 

0 Kudos
Reply
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2020-05-17 07:51 AM

Jump to solution

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

 

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

View solution in original post

Reply
4 Replies
_Val_
Admin
Admin
‎2020-05-17 07:51 AM

Jump to solution

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

 

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

View solution in original post

Reply
iptables
Participant
‎2020-05-17 09:57 AM
In response to _Val_

Jump to solution
Thanks for linking these, I hadn't seen them before.
Maybe I'm misunderstanding something, but it seems like these guides assume that the VPN client possesses intimate knowledge of the VPN server, such as the main internal IP address of the organization's Firewall object, or the server certificate's... private key? I may be missing something. The client on Windows only requires a VPN server hostname, and the client certificate - I would expect the same on Linux clients.
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-05-17 05:31 PM
In response to iptables

Jump to solution
The only official VPN client we support on Linux is SNX.
For more details on this, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Strongswan and Libreswan are Open Source clients that are not VPN clients specific to Check Point.
To work with a Check Point gateway, they require specific configuration that are detailed in these community-generated guides.
Formal support for Strongswan is planned for an upcoming release.
If you need something that is supported, we have a customer release where this is supported and official documentation can be provided.
Please contact your local office for details.

If none of the above meet your specific requirements, please discuss your precise requirements with your local Check Point office.
Reply
iptables
Participant
‎2020-05-18 01:33 AM
In response to PhoneBoy

Jump to solution
Got it, thanks for the info. Looking forward to seeing official Strongswan support.
0 Kudos
Reply