Solved: Endpoint Security VPN certificate-based authentica...

iptables · ‎2020-05-17

Hello,

I'm working for a client who uses Check Point Endpoint Security VPN for their remote access solutions. I have a server address and password-protected certificate (p12) which I can use to authenticate and get VPN access. This works fine on Windows using Check Point's client.

How can I use the same certificate to connect to this VPN using a Linux endpoint, preferably using a terminal client?

I realize Check Point doesn't provide its own Linux client, but I would assume the protocols used aren't home-brewed, meaning an existing Linux client could probably be used (e.g. Openswan).

I couldn't find any guides or other form of documentation in Check Point's knowledge base, and all forum posts related to VPN+Linux discuss username+password-based authentication, not certificate-based.

Thanks for any help with this.

_Val_ · ‎2020-05-17

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

View solution in original post

_Val_ · ‎2020-05-17

Hi, we have touched that in our Remote Access VPN FAQ article, quoting:

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

iptables · ‎2020-05-17

Thanks for linking these, I hadn't seen them before.
Maybe I'm misunderstanding something, but it seems like these guides assume that the VPN client possesses intimate knowledge of the VPN server, such as the main internal IP address of the organization's Firewall object, or the server certificate's... private key? I may be missing something. The client on Windows only requires a VPN server hostname, and the client certificate - I would expect the same on Linux clients.

PhoneBoy · ‎2020-05-17

The only official VPN client we support on Linux is SNX.
For more details on this, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Strongswan and Libreswan are Open Source clients that are not VPN clients specific to Check Point.
To work with a Check Point gateway, they require specific configuration that are detailed in these community-generated guides.
Formal support for Strongswan is planned for an upcoming release.
If you need something that is supported, we have a customer release where this is supported and official documentation can be provided.
Please contact your local office for details.

If none of the above meet your specific requirements, please discuss your precise requirements with your local Check Point office.

iptables · ‎2020-05-18

Got it, thanks for the info. Looking forward to seeing official Strongswan support.

Endpoint Security VPN certificate-based authentication on Linux

5. Can I use Check Point baser Remote Access VPN on Linux?

5. Can I use Check Point baser Remote Access VPN on Linux?

Endpoint Security VPN certificate-based authentication on Linux

Are you a member of CheckMates?

Endpoint Security VPN certificate-based authentication on Linux

5. Can I use Check Point baser Remote Access VPN on Linux?

5. Can I use Check Point baser Remote Access VPN on Linux?

Endpoint Security VPN certificate-based authentication on Linux