Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Oh I see, I previous message was meant as answer to original message from Steve Murdoch. XP with SP2 firewall on needs rules at all. If you have any other firewall you basically need to allow esp protocol and udp port 500 (isakmp) to your IPSec GW and vice versa. Regards Petr R. On 8/31/05, Nino

Re: Win XP VPN

2005-08-31 Thread Nino Margetic
so I introduced fw in front of XP workstation. Topology as follows: XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server - XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine. - XP and BSD_FW2 are setup according to my document mentioned earlier - XP's IP address is nated on BS

Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Hi, so I introduced fw in front of XP workstation. Topology as follows: XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server - XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine. - XP and BSD_FW2 are setup according to my document mentioned earlier - XP's IP address is nated on

Re: Win XP VPN

2005-08-31 Thread Nino Margetic
NAT-T should work out of the box as long as you have WinXP SP2 instaled (more details on the MS KB site - e.g. http://support.microsoft.com/default.aspx?scid=kb;en-us;818043 ). --Nino On Wed, 31 Aug 2005, Petr Ruzicka wrote: Fully open now. But I will add a firewall+NAT and let you know. P

Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Fully open now. But I will add a firewall+NAT and let you know. Petr R. On 8/31/05, Nino Margetic <[EMAIL PROTECTED]> wrote: > Petr, > > Just one question: how do you firewall your WinXP machine? Or is it just > fully open (i.e. no firewall at at all)?? > > --Nino > > On Mon, 29 Aug 2005, Petr

Re: Win XP VPN

2005-08-31 Thread Nino Margetic
Petr, Just one question: how do you firewall your WinXP machine? Or is it just fully open (i.e. no firewall at at all)?? --Nino On Mon, 29 Aug 2005, Petr Ruzicka wrote: Just to let you know, I spend better part of night configuring my old setup in VMWare machines and everything work as expe

Re: Win XP VPN

2005-08-28 Thread Petr Ruzicka
Just to let you know, I spend better part of night configuring my old setup in VMWare machines and everything work as expected. I will try add NATing if I found time. Best regards Petr R. On 8/23/05, Steve Murdoch <[EMAIL PROTECTED]> wrote: > Hi all. > > I have several sites linked with ipsec on

Re: Win XP VPN

2005-08-25 Thread Petr Ruzicka
As author of this document :o), do you have any debug info to play with ? If I had a time, I will try 3.7/3.8 with XP with this setup and possibly update document. Petr R. On 8/23/05, Steve Murdoch <[EMAIL PROTECTED]> wrote: > Hi all. > > I have several sites linked with ipsec on 3.7 release. E

Re: Win XP VPN

2005-08-23 Thread knitti
hi, On 8/23/05, Steve Murdoch <[EMAIL PROTECTED]> wrote: > I have tried to add some remote win xp machines into the mix using the howto > > http://openbsd.cz/~pruzicka/vpn.html > > without any joy. (the site isn't available to me at the moment). I've managed to connect Win2k and WinXP machin

Re: Win XP VPN

2005-08-23 Thread Jonathan Weiss
As OpenVPN was mentioned before, I've wrote a HOWTO here: http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd It is very easy to configure and supports Unix, Win, and OS X. Jonathan -- Jonathan Weiss http://blog.innerewut.de

Re: Win XP VPN

2005-08-23 Thread Jason McIntyre
On Tue, Aug 23, 2005 at 08:15:46PM +1000, Steve Murdoch wrote: > > I have several sites linked with ipsec on 3.7 release. Everything works > great. > > I have tried to add some remote win xp machines into the mix using the howto > > http://openbsd.cz/~pruzicka/vpn.html > > without any joy. the

Re: Win XP VPN

2005-08-23 Thread Jason Dixon
On Aug 23, 2005, at 6:15 AM, Steve Murdoch wrote: Secondly has anyone found an ipsec client that will work with pocket pc 2003 connecting to openbsd ? I've deployed movianVPN clients on Treo 650's (Palm) connecting to OpenBSD isakmpd endpoints. MovianVPN also claims support for Pocket PC

Re: Win XP VPN

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 20:15 +1000, Steve Murdoch wrote: without any joy. the winxp in my test case is behind a nat router will this cause me grief ? If the router has "nat helpers" for ipsec (e.g. speedtouch), try disabling them in case they interfere. Otherwise, you'll need to give some more