The firewall does standard IPSEC. There are many, many Linux programs which can do this (racoon comes to mind). Google "Linux IPSEC VPN" and you'll find some good information.
Thanks for your help.
Another question: is it possible to find the VPN PSK in cleartext?
If you mean the VPN password on the Firewall - I don't think this has been possible since v7.
In v6 the 'cf ipsec query' command would reveal the pre-shared key in plain text, but since version 7 I've found that the value is obfuscated.
It's not cleartext.
There is a command you can use to see the password:
cf ipsec query Show_Clear_Passwords=yes
Ohhh, great. Big thanks! It works.
Might be worth pointing out that this is a v8-specific command.
I was very excited to read about this, thinking it was a hidden-away nugget of goodness. But there's no mention of it in the man pages on v7 appliances and, indeed, this would confirm that the parameter in question doesn't exist on the older version. But it does indeed work on v8!
It's a pity, as I've come across a few scenarios where the customer has chosen to synchronize the move from v7 to v8 with a change in hardware, or has decided to go with a fresh software installation if the access rules have become too much of a mess. But if they have a number of site-to-site VPNs (and haven't noted the PSKs elsewhere), while the cf ipsec q > filename.txt on the old appliance and cf -f filename.txt on the new appliance has allowed the bulk of the IPSec policy content to be transported across, it has then been necessary to re-enter the PSKs.