Archive for March, 2004

-image-Kokoro

I just love this site by Kokoro and I just love the gadgets and the use of English within (though perhaps I shouldn’t be laughing out too loud, as my efforts with English aren’t exactly much better, and any other language, well, you might as well forget it!).


-image-Advice on Bittorrent sharing

To carry on from the last post, Simon Carless, the admin of legaltorrents.com, has some notes in this O’Reilly Net article about distributing files properly and how to torrent.


-image-Sony robotic research centre

I know I love robots perhaps more than the next man, but this is undeniably cool: Sony are setting up their own intelligent robot lab. More here


-image-Life in Microsofts Research

I have been reading RSS news feeds for a short while now, but this article by Kevin Schofield on his weblog about life in Microsoft’s research centre is truly one of the most interesting yet. Read it!


-image-Linux vs Windows

An intelligent and in-depth article about the differences between the two on Linux Insider. I hope, judging by the state of that URL, that they aren’t really using Perl on their server though..


-image-P900

Just a quick link into the world of Joi Ito who, being the lucky sod that he is, gets plenty of stuff to play with. At the moment he is talking about his new P900 NTT DoCoMo phone.


-image-Checkpoint NG VPN to Smoothwall

Having a bit of a break from blogging has given me some time to test creating a VPN between a Checkpoint NG R54 firewall and Smoothwall Firewall version 2.0, which essentially uses the no-longer-actively-developed FreeS/WAN for its IPsec (though I am sure it will still be in use for a while to come), as a trial before buying the corporate version of Smoothwall. A VPN between FreeS/WAN and Checkpoint has been done many times before, but documentation is rather sparse, so I intend to document some findings here.

Smoothwall’s web interface exposes many of the parameters needed to configure FreeS/WAN, but I do recommend using a terminal window to get at the full ipsec.conf, which Smoothwall keeps under /var/smoothwall/vpn (or wherever you have put your FreeS/WAN configuration). A shell also lets you read the IKE negotiation logs, which Pluto (the FreeS/WAN keying daemon) writes to /var/log/secure; that is where you will see why a tunnel fails to come up.

Diving straight into how ipsec.conf was set up on the Smoothwall/Linux box (if you prefer the Smoothwall GUI I trust you will be able to work out which parameter goes where), this is how I have it configured:

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        plutowait=yes
        uniqueids=yes

conn %default
        keyingtries=0

conn uklocal
        type=tunnel
        pfs=no
        left=192.168.0.1
        leftsubnet=10.10.10.0/24
        leftnexthop=%defaultroute
        right=192.168.1.1
        rightsubnet=10.10.15.0/24
        rightnexthop=%defaultroute
        compress=no
        auto=start

As you can see, the terminology used by FreeS/WAN differs from that of other firewall vendors, but in this instance it can be explained as follows:

left: the outside IP address of the Checkpoint NG, the remote firewall.

leftsubnet: the network address and mask of the network behind the Checkpoint.

right: the outside IP address of the Smoothwall/FreeS/WAN box.

rightsubnet: the network address and mask of the inside network behind the Smoothwall firewall.

The %defaultroute values pick up the default route as defined in networking. Left and right are only labels to FreeS/WAN: it works out which end it is from its own interface addresses, so the same conn block would work unchanged on the other end. As you can see, for now compression and PFS (perfect forward secrecy) are both turned off; the Checkpoint side has to be set the same way, or Phase 2 will not agree.

That, along with a pre-shared secret which can be entered either in the Smoothwall interface or directly into the configuration files, is all that is needed. Just for the record this is what mine look like (mysecret is a placeholder; use a long random string rather than a word, as the PSK is the only thing authenticating the peers):

config

uklocal,192.168.0.1,10.10.10.0/24,192.168.1.1,10.10.15.0/24,mysecret,on,off

ipsec.secrets

192.168.0.1 192.168.1.1 : PSK "mysecret"

settings

192.168.0.1 192.168.1.1 : PSK "mysecret"
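Before bringing the tunnel up it is worth checking that the three files above actually agree with each other, since a typo in one of them produces nothing more helpful than a failed negotiation in /var/log/secure. The following is an added example, not Smoothwall or FreeS/WAN code: it parses a FreeS/WAN ipsec.conf, the comma-separated line Smoothwall keeps in its vpn config file and ipsec.secrets, cross-checks the peer addresses, subnets and PSK, and flags the pfs=no setting and a weak secret. The Smoothwall field order (name, left, leftsubnet, right, rightsubnet, secret, enabled, compress) is an assumption read off the line shown above, and the sample files are constructed from the values used in this post.

```python
"""Cross-check a FreeS/WAN 'conn' against Smoothwall's vpn config line and
ipsec.secrets.  Added example, not Smoothwall or FreeS/WAN code.  Smoothwall
field order is assumed from the post; sample inputs are constructed."""
import ipaddress
import re

# Constructed sample ipsec.conf, using the post's values.
IPSEC_CONF = """\
config setup
        interfaces=%defaultroute
        plutowait=yes
        uniqueids=yes

conn %default
        keyingtries=0

conn uklocal
        type=tunnel
        pfs=no
        left=192.168.0.1
        leftsubnet=10.10.10.0/24
        leftnexthop=%defaultroute
        right=192.168.1.1
        rightsubnet=10.10.15.0/24
        rightnexthop=%defaultroute
        compress=no
        auto=start
"""

# Assumed field order: name,left,leftsubnet,right,rightsubnet,secret,enabled,compress
SMOOTHWALL_CONFIG = ("uklocal,192.168.0.1,10.10.10.0/24,"
                     "192.168.1.1,10.10.15.0/24,mysecret,on,off")

IPSEC_SECRETS = '192.168.0.1 192.168.1.1 : PSK "mysecret"\n'


def parse_ipsec_conf(text):
    """Return {section: {key: value}}.  Section headers ('config setup',
    'conn %default', 'conn uklocal') start in column 0; the indented
    key=value lines after a header belong to it.  '#' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def parse_secrets(text):
    """Return {(id_a, id_b): psk} for every  'a b : PSK "secret"'  line."""
    psks = {}
    for line in text.splitlines():
        m = re.match(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"', line)
        if m:
            psks[(m.group(1), m.group(2))] = m.group(3)
    return psks


def check_tunnel(conf_text, smoothwall_line, secrets_text, conn_name):
    """Return a list of problems; empty means the files agree and nothing
    obviously weak was found."""
    problems = []
    conf = parse_ipsec_conf(conf_text)
    conn = dict(conf.get("conn %default", {}))   # defaults the named conn overrides
    conn.update(conf.get("conn " + conn_name, {}))
    name, left, lsub, right, rsub, psk = smoothwall_line.split(",")[:6]
    if name != conn_name:
        problems.append(f"conn {conn_name!r} vs Smoothwall name {name!r}")
    for key, want in (("left", left), ("leftsubnet", lsub),
                      ("right", right), ("rightsubnet", rsub)):
        if conn.get(key) != want:
            problems.append(f"{key}: ipsec.conf {conn.get(key)!r} != Smoothwall {want!r}")
    # Pluto looks the PSK up by the two peer addresses, in either order.
    secret = parse_secrets(secrets_text)
    psk_on_file = secret.get((left, right)) or secret.get((right, left))
    if psk_on_file is None:
        problems.append(f"ipsec.secrets has no PSK for {left} <-> {right}")
    elif psk_on_file != psk:
        problems.append("PSK in ipsec.secrets differs from the Smoothwall config")
    if ipaddress.ip_network(lsub, strict=False).overlaps(
            ipaddress.ip_network(rsub, strict=False)):
        problems.append("leftsubnet and rightsubnet overlap")
    if conn.get("pfs", "yes") == "no":     # FreeS/WAN defaults to pfs=yes
        problems.append("pfs=no: set the Check Point community to match")
    # A single word is guessable.  The post says the Check Point dialog takes
    # fewer than 20 characters, so aim for a random 16-19 character string.
    if len(psk) < 12 or psk.isalpha():
        problems.append("weak PSK: use a long random string, not a word")
    return problems


if __name__ == "__main__":
    for p in check_tunnel(IPSEC_CONF, SMOOTHWALL_CONFIG, IPSEC_SECRETS, "uklocal"):
        print("-", p)
```

Run against the files as shown in the post it reports only the two expected warnings (pfs=no and a weak secret); change a subnet or the secret in one file and the mismatch is named before you waste time watching the tunnel fail.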

That is basically it for the Smoothwall/FreeS/WAN configuration, so now we turn to the Checkpoint NG box. Hopefully you will already have a Checkpoint gateway object for your firewall, with its main IP being the external IP address, and a network object for the network behind it (Localnet in the rules below).

Create a new object of type “Network” for the network behind the Smoothwall (Remotenet in the rules below), with its network address and mask.

Create a new network object of type “Interoperable Device”, name it and give it the Smoothwall’s outside IP address. In the Topology section enter the box’s IP addresses along with the names of its interfaces, and under VPN Domain select the Remotenet object you created in the previous step. Under Traditional Mode configuration select 3DES, MD5 and Pre-Shared Secret; edit the secrets and define yours (plaintext, less than 20 characters). Check “Support key exchange for subnets”.

Make sure that the VPN properties of the Checkpoint object match those of the Smoothwall (MD5, 3DES) and that the same secret is shared between the two.

Within VPN Manager create a new VPN community; I created a Meshed one. Give it a name and then, under participating gateways, add the Checkpoint object and the Smoothwall object. VPN properties should be 3DES and MD5 for both phases. In the advanced properties, the Phase 1 Diffie-Hellman group should be set to Group 2 (1024 bit) with a renegotiation time of 200 minutes. For Phase 2 I have the same, with a time of 3600 seconds, and support for site to site compression turned off (matching compress=no on the Smoothwall).

Now set up the security rules (Localnet being the network behind the Checkpoint, Remotenet the one behind the Smoothwall):

Source      Destination  VPN      Service  Action  Track
Smoothwall  Checkpoint   VPNname  Any      Accept  Log
Checkpoint  Smoothwall   VPNname  Any      Accept  Log
Remotenet   Localnet     VPNname  Any      Accept  Log
Localnet    Remotenet    VPNname  Any      Accept  Log

Set up the address translation rules so that traffic between the two networks is not translated:

Original Source  Original Destination  Original Service  Translated Source  Translated Destination  Translated Service
Remotenet        Localnet              Any               Original           Original                Original
Localnet         Remotenet             Any               Original           Original                Original

These two rules must sit above any hide or static NAT rule that covers Localnet. The NAT rulebase is matched top-down and the first match wins, so if a hide rule comes first the VPN traffic leaves with the gateway’s address instead of its real 10.10.10.x source, no longer matches the tunnel’s subnets, and never reaches the far side.

Install the policy, make sure the VPN is enabled on the Smoothwall, and you should be able to pass traffic across. A ping from a host on one subnet to a host on the other is the simplest test; on the Smoothwall, ipsec auto --status shows the state of the uklocal conn, and a successful negotiation ends with “IPsec SA established” in /var/log/secure. Good luck!
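The ordering point about the translation rules is easy to get wrong in the GUI, so here is the rulebase walk written out as an added example (not Check Point code, and not from the original post). It evaluates a list of NAT rules top-down, first match wins, for the post’s two subnets as seen from the Checkpoint, and shows that the same two no-NAT rules protect the VPN traffic only when they come before a hide rule. The Localnet hide rule, and the gateway address 192.168.0.1 it hides behind, are assumptions standing in for the kind of rule a real policy would have; the post does not show one.

```python
"""First-match evaluation of a Check Point style NAT rulebase.  Added
example, not Check Point code.  The Localnet hide rule is an assumption;
Localnet/Remotenet are the post's subnets as seen from the Checkpoint."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

LOCALNET = ip_network("10.10.10.0/24")    # behind the Checkpoint (leftsubnet)
REMOTENET = ip_network("10.10.15.0/24")   # behind the Smoothwall (rightsubnet)
ANY = ip_network("0.0.0.0/0")
GATEWAY_EXT = "192.168.0.1"               # Checkpoint outside address (from the post)


@dataclass(frozen=True)
class NatRule:
    name: str
    orig_src: IPv4Network
    orig_dst: IPv4Network
    xlate_src: str      # "Original" keeps the real source; anything else hides behind it


def translate(rules, src, dst):
    """Walk the rulebase top-down: the first rule whose Original Source and
    Original Destination both contain the packet decides the translation.
    Returns (matched rule name, source address the packet leaves with)."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.orig_src and d in rule.orig_dst:
            out = src if rule.xlate_src == "Original" else rule.xlate_src
            return rule.name, out
    return "no match", src


# The two rules from the post: Original / Original / Original.
NO_NAT = [
    NatRule("Remotenet-Localnet", REMOTENET, LOCALNET, "Original"),
    NatRule("Localnet-Remotenet", LOCALNET, REMOTENET, "Original"),
]
# Assumed hide rule: everything from Localnet to anywhere, hidden behind the gateway.
HIDE = NatRule("Localnet-Hide", LOCALNET, ANY, GATEWAY_EXT)

CORRECT_ORDER = NO_NAT + [HIDE]   # no-NAT rules above the hide rule
WRONG_ORDER = [HIDE] + NO_NAT     # hide rule shadows the no-NAT rules


def vpn_traffic_keeps_source(rules, src="10.10.10.5", dst="10.10.15.20"):
    """True when a Localnet host talking to Remotenet leaves with its real
    address, so the packet still falls inside the tunnel's subnets on both
    ends instead of being hidden behind the gateway address."""
    _, out = translate(rules, src, dst)
    return out == src


if __name__ == "__main__":
    for label, rules in (("no-NAT first", CORRECT_ORDER), ("hide first", WRONG_ORDER)):
        print(label, translate(rules, "10.10.10.5", "10.10.15.20"))
```

Internet-bound traffic from Localnet is hidden behind the gateway in either ordering, which is why a misordered rulebase looks healthy from the inside and only the VPN traffic silently stops.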


-image-Mandarina Duck

Just a quick note to say that the new Mandarina Duck web site is lovely. Lots going on, full of colour and very vibrant. Excellent work by Nico Stumpo.


-image-History of Apple OS

Interesting little article that’s being linked all over the web, so why should I be any different? The History of the Apple Operating System.



