On 12/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi gang, > > I'm looking for peoples' experiences and advice for setting up a VPN > between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have > tested the Greenbow client and it seems ok. What of the built-in VPN client > for the Windows OS? I am mostly interested in ease of configuration and > reliability of the tunnel. I am ok on IPSEC theory. > > Thanks in advance for any comments, > > Peter > > The greenbow client is definitely easier to use than the built-in MS IPSec client, and offers a lot more in terms of capabilities. There are some limitations on the MS client as far as what types of encryption you can use with the Phase1/2 negotiations.
With the Windows client, there are two approaches I've used to establish IPSec tunnels: (1) the IPSec MMC Snap-in and (2) the command line method (via the windows support tools). In either case, there is no clear way to see that a tunnel is established or to close the tunnel. It's clear to the savvy user on how to close a tunnel, but if you are looking to deploy it to a regular user-base, it probably won't be so clear. With the MMC snap-in, you can export the settings, then another user can import those settings, at which point only minor changes are required to make it work (configure the ip for your end of the tunnel). The same applies to the command line approach. Axton Grams
