Hi, On Fri, 01.07.2005 at 18:36:56 -0700, Bruno S. Delbono <[EMAIL PROTECTED]> wrote: > IKE-mode is good but can be buggy with some clients. The best Windows > clients for a pure IPSec connection are:
> a) Safenet (OEM) SoftRemote version 10.x (versions 9.x do not support > AES). * Danke Harondel! *. Safenet supports PSK "and" X509 certs. It has hmmm... I didn't get SafeNet to work properly (maybe an older version, in 200[123] or so, which was OEM'ed by NetScreen, and also had severe breakage with > b) SSH.com's Sentinel Client 1.4.1 - This was the last release and is this which just stopped working for us after an Sentinel and OpenBSD upgrade - both were required, the Sentinel because of a remote root, and OpenBSD to go from 3.[12] to 3.[456], can't quite remember, at the time. We have absolutely no inclination to rely on software which is clearly abandoned and also closed source. We arrived at d) NCP's SecureEntry (?) which you can purchase from OEMs and/or through dealers, depending on qty. Works rather well for us so far, but hey, we also sell it, so take with a grain of salt. It's probably the most expensive of the pack... :-| We use X509, AES256, NAT-T, and IKECFG and would also use DHCP-over-IPSEC and compression if they were supported (didn't check lately, though). I didn't have a good opportunity (time etc) to look into the Greenbow yet, but am still interested in this and other software for this application. I've heard that implementing DHCP-over-IPSEC in ISAKMPD is open for sponsoring... Maybe we can collect enough to get it in? Best, --Toni++
