[EMAIL PROTECTED] wrote:

heya,

i've been grinding away to get a VPN setup where i can have win xp clients
connect to my openbsd firewall and access the network behind it. i have tried a
number of things, none of which have yet worked for all my users. i am very much
interested in hearing from other admins who have currently working solutions
along these lines. i have setup isakmpd between my home and my business
location, so i know i am not a complete idiot when it comes to this stuff ;).

when i tried to use the native windows IPsec implementation, both as described
in http://openbsd.cz/~pruzicka/vpn.html and through the confusing GUI, i was not
able to get anywhere. when i used ipseccmd.exe, it would not give me any useful
debugging outputs and crashed a couple times while i was trying to set this up.
i would very much like to have a setup using the native IPsec in win xp, but am
utterly in the dark as to the win xp configuration side of things.

i have also setup openvpn, which works great for me from home, and i have been
able to successfully get this working. however, one of the users that connects
to my VPN is having problems making openvpn and his kerio firewall "play nice",
and a working openvpn configuration cannot survive a reboot due to win xp being
such a great OS.

i am also aware of "the green bow" VPN client that is known to interoperate with
isakmpd. i have avoided using this solution since i know it to be a resource hog
on win xp. anybody else's views on this software would be nice.

anything that you think could help me get a VPN with win xp talking to my
openbsd firewall would be awesome. i would love a "howto" for the win xp boxes,
but a smack with the cluestick is likely all i need. it would be nice for this
to NOT use certificates, as i'd like to get a shared secret setup working first,
then switch to certs later.

cheers,
jake

Hi jake,

I have been successfully using the Windows XP native IPSec client for
some 2 years now. There is a good configuration tool at
http://vpn.ebootis.de/ which reads a configuration file and executes the
ipseccmd commands needed for setting up the tunnel. Latest version is
2.2, I am using 2.1.4.

You do need XP Service Pack 2. Also you must install the Windows support
tools as mentioned on Marcus' web page. Note that if you already
installed them before installing SP2, you must also upgrade the support
tools after installing SP2.

As for Windows debug output, look for "oakley log" in
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ipsec_tools.mspx

This works with certificates (somewhat tricky to set up) as well as with
preshared secret.

HTH,
Heinrich
--
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341