Connecting openVPN to checkpoint with username and password

[sydfrey05]

Hi Guys,

We are using checkpoint secureclient as our main means for connecting via VPN but since checkpoint does not support Linux, I was tasked by my manager tasked me to research regarding using OpenVPN for our linux[Ubuntu] users.

I am planning to use just username and password for authentication and have asked our Checkpoint vendor regarding the implementation, he advised me to just copy the VPN settings on our checkpoint (ex: 3des-sha1) and that there is no need to set-up an openVPN server, but all the documentations says otherwise.

I just want to use openVPN client and just use username and password for authentication, is it possible to do that without openvpn server as our vendors says? what do i need to configure on my client config? Your inputs will be very much appreciated.
Thank you.

[gladiatr72]

We are using checkpoint secureclient as our main means for connecting via VPN but since checkpoint does not support Linux, I was tasked by my manager tasked me to research regarding using OpenVPN for our linux[Ubuntu] users.

Fantastic. Actually, you could migrate your windows and/or mac users to openvpn as well and throw the checkpoint box in the bin (or you can cut a hole in the top, fill it with fine, black sand and use it as a nice ash tray )

I am planning to use just username and password for authentication and have asked our Checkpoint vendor regarding the implementation, he advised me to just copy the VPN settings on our checkpoint (ex: 3des-sha1) and that there is no need to set-up an openVPN server, but all the documentations says otherwise.

What your vendor was trying to explain is that it's possible to configure the linux IPSec bits to communicate with the checkpoint IPSec bits. Don't ask me how. I don't know. Honestly, that's why I use OpenVPN.

I just want to use openVPN client and just use username and password for authentication, is it possible to do that without openvpn server as our vendors says? what do i need to configure on my client config? Your inputs will be very much appreciated.
Thank you.

How is the checkpoint box doing it? Is it authenticating on form an external source or is it storing the usernames and passwords internally?

If you have your heart set on keeping the checkpoint box around, it probably supports ldap/AD or radius. It's a little bit of work to do the same for OpenVPN, but then you'd have a the same username/passwords for access.

Good luck!

-Stephen