[Openswan Users] Looking for windows XP client
Michael Richardson
mcr at sandelman.ottawa.on.ca
Thu Feb 26 18:33:01 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>> There is one major problem with the Win2000/XP internal IPSEC
>> client. You need admin rights if you want to change the IPSEC
>> rules. This is needed every time you dial into the internet and
>> get a new dynamic IP address. In most corporate environments it
>> is strictly forbidden that the users have local admin rights on
>> their machines.
Alexander> Is this true for the IPSEC/L2TP solution as well ?
It is my understanding (but, I have no personal experience at this
time) that in classic do-it-our-way-our-else Microsoft tradition, that
L2TP does not suffer from that problem. Why? because ultimately it is a
PPP interface that is being configured by the L2TP, and the IPsec
*policy* does not need to change.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQD6CLIqHRg3pndX9AQEMCAQAt26uPmvJsGn/P4h2KDRf0W7mnVjQRKZP
cB0FAqvlxKl7E3K/z+NBpJhFxQIS60m4SZxeVS86p1rblQs2Tzp0ToO6RRgZCCED
j7hxEuyaCtCixmqTLqoagr1CGuYUG7XSFkdAoDQxPh4US39tWQm6kZR1aclyZHEg
UIeySi2gO14=
=jhgl
-----END PGP SIGNATURE-----
More information about the Users
mailing list