On 12/19/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> heya,
>
> i've been grinding away to get a VPN setup where i can have win xp clients
> connect to my openbsd firewall and access the network behind it. i have tried
> a number of things, none of which have yet worked for all my users. i am very
> much interested in hearing from other admins who have currently working
> solutions along these lines. i have setup isakmpd between my home and my
> business location, so i know i am not a complete idiot when it comes to this
> stuff ;).
>
> when i tried to use the native windows IPsec implementation, both as
> described in http://openbsd.cz/~pruzicka/vpn.html and through the confusing
> GUI, i was not able to get anywhere. when i used ipseccmd.exe, it would not
> give me any useful debugging outputs and crashed a couple times while i was
> trying to set this up. i would very much like to have a setup using the
> native IPsec in win xp, but am utterly in the dark as to the win xp
> configuration side of things.
>
> i have also setup openvpn, which works great for me from home, and i have
> been able to successfully get this working. however, one of the users that
> connects to my VPN is having problems making openvpn and his kerio firewall
> "play nice", and a working openvpn configuration cannot survive a reboot due
> to win xp being such a great OS.
>
> i am also aware of "the green bow" VPN client that is known to interoperate
> with isakmpd. i have avoided using this solution since i know it to be a
> resource hog on win xp. anybody else's views on this software would be nice.
>
> anything that you think could help me get a VPN with win xp talking to my
> openbsd firewall would be awesome. i would love a "howto" for the win xp
> boxes, but a smack with the cluestick is likely all i need. it would be nice
> for this to NOT use certificates, as i'd like to get a shared secret setup
> working first, then switch to certs later.
>
> cheers,
> jake

Hello,

I am looking at doing the same thing. From a conversation I had over the weekend, I think you need to use virtual-id's and run proxy arp on the internal interface.

Hope that helps.

Cheers,
Steve