Hi Marcel, > Does anybody know if there are any news concerning freeswan and > Watchguard Firebox 2 interoperability? Some time ago I read that the two > would not work together, as Watchguard does not use triple DES during > the negotiation phase. Is there a patch around for freeswan? > The new watchguard version 6.0 support both DES types in phase 1 (DES/3DES). So you should be able to create a static tunnel between the friebox and you freeswan host. If you would like to create a dynamic tunnel (dynamic ip for freeswan), the freeswan must support the aggressive mode, and I'm not sure if freeswan supports this. Btw: I have two tunnels between a firebox and some OpenBSD Host and it works great. So I think with the new 6.0 version this should be no problem for FreeSwan. You can take a look at the following url to see a sample config for 6.0: http://jade.viastore.de/~tsauter/files/howtos/watchguard-vpn.php Happy ipsec'ing Thorsten -- Thorsten Sauter <tsauter@gmx.net> (Is there life after /sbin/halt -p?)
Attachment:
pgpXIYHoYBrXn.pgp
Description: PGP signature