OK, thanks a lot for your reply. Have you ever tried to use ikev2, using iked, since Win7 has ikev2 support? I tried to use it (iked) but had no success... :( If you could take a look at it.
Cheers,
Wesley M.

On Wed, 31 Aug 2011 19:07:49 +0800, Zak Elep <zak.e...@orangeandbronze.com> wrote:
> On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. <open...@e-solutions.re> wrote:
>> What is the best way to build a vpn between an OpenBSD 4.9 gateway
>> and a Win7 workstation ?
>
> I got this working here on our network, both for Win7 and Ubuntu
> clients going to an OpenBSD gateway.
>
> On the gateway, have /etc/ipsec.conf say something like
>
> # roadwarrior
> ike passive esp from any to gateway.ip.address peer any psk your-rand0m-password-here
> ike passive esp from gateway.ip.address to any psk your-rand0m-password-here
>
> And on your Win7 client, get Shrew VPN[0] and add a configuration with
> the following auth:
>
> Phase 1:
> - Exchange type: main
> - DH Exchange: group 2
> - Cipher algorithm: aes
> - Cipher key length: 256 Bits
> - Hash algorithm: sha1
>
> Phase 2:
> - Transform length: aes
> - Transform key length: 256 Bits
> - HMAC algorithm: sha1
> - PFS Exchange: group 2
> - Compression algorithm: deflate
>
> Policy:
> - add a topology entry that matches your internal network
>
> [0] http://www.shrew.net/download/vpn