[Openswan Users] Windows 2000 + XP > OpenSwan

Jan Husseini JHusseini at hitchhiker.com
Thu Oct 21 11:03:18 CEST 2004

Hello Guys,

Let me introduce myself real quick:
My name is Jan and I'm a student training as an IT systems administrator.
My final project is about IPSec. I bought a couple of books explaining the
technical facts of IPSec, and one book, which gets into using freeswan and

This is my setup:

(company network) ----[VPN-Gateway]-----(Internet)-----{Road warrior}

The road warriors are only running windows 2000 and XP (Patched as of
So what I want to do is give the road warrior an IP address from our company
network, so that they "become a part of the network".

So what I got out of my books is that I need to use l2tp over ipsec to have
a connection as described above.
So here comes my first question:
I know that ipsec is layer 3, and l2tp is layer 2 - but I know that there is
a way to connect using the ipsec stack in windows. I used markus mueller's
ipsec tool and got a working connection. 
But is there also a way to make him "part of the network" and give him one
of the company's IP-addresses? I know of "DHCP over ipsec" but don't you
need a separate NIC for that?
Is the only good way to get that to work l2tp over ipsec?

So what I did was follow the instructions in my book and on the excellent
page (http://www.jacco2.dds.nl/networking/freeswan-l2tp.html). And I finally
got a connection using X509 Certs and Windows XP (sp2).
But when I use Windows 2000 (sp4) the l2tp connection worked but it doesn't
even try to authenticate with ipsec.
So what I would like to know is how does Windows know which certificate it
should use for the ipsec connection - in windows XP everything works just
fine - but how?

I know this is a long e-mail and sorry for bothering you with my problems!

Thanks a lot for taking the time to read through this. 
I know that I did not attach any config files and log files - I think that I
don't need to since I've just got some universal questions.

Thanks guys,

