[Openswan Users] Windows 2000 + XP > OpenSwan

Jacco de Leeuw jacco2 at dds.nl
Sun Oct 24 18:53:36 CEST 2004

Jan Husseini wrote:

> So what I want to do is give the road warrior an IP address from our company
> network, so that they "become a part of the network".
> But is there also a way to make him "part of the network" and give him one
> of the company's IP-addresses?

Sentinel supports virtual addresses. You don't even have to use
DHCP-over-IPsec or L2TP, although both are supported. The problem
is though that the product is discontinued.

 > I know of "DHCP over ipsec" but don't you need a separate NIC for that?

Not that I know of.

> Is the only good way to get that to work l2tp over ipsec?

Probably yes, if you want to use Windows without additional software.
If you're not stuck with Windows you could do all kinds of things such
as L2TP or GRE or bridging.

> So what I would like to know is how does Windows know which certificate it
> should use for the ipsec connection - in windows XP everything works just
> fine - but how?

The server indicates which CA has issued its certificate.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list