[Openswan Users] Connecting to Openswan from Windows XP Pro
appie at friendly.net
Thu Jul 21 10:47:58 CEST 2005
> prefer to use the native windows ipsec if possible. Also I have not
> installed extra software on the linux box for l2tp or ppp (not using
> dialup) is that required or will the ipsec work without it?
I'm still in the process of trying to figure out a way to get a 'pure' IPsec
connection running from a Windows box to OpenS/WAN with certificates smart
cards/usb tokens. The problem here is that Windows pops up the certificates
in the Current User context (which actually is a good idea) but the Windows
IPsec layer persists in wanting to find them in Local Computer context.
No workaround there yet.
However, it is possible to run IPsec only (no L2TP/PPP) from Windows to
OpenS/WAN. Some caveats are that you need to download a separate program
from Microsoft (ipseccmd.exe) and probably need administrator privileges on
the Windows box (at least to install the certificate).
Anyways, there are several GUIs to assist you in installing the
certificate (look in the mail archives, and since you already did
install a cert you might have used one).
The tricksy part is the openswan config and batch files on the Windows site.
Jacco wrote web pages about this as did Nate.
Being the guy I am, I stubbornly tried to figure everything out myself.
And did :)
If you want to pursue the IPsec-only path I can mail you my openswan config
plus the batch files I created.
Personally I think it's stupefying that Microsoft does support IPsec but, in
absence of IKE2, decided in all their 'wisdom' to adapt IPsec+L2TP (severe
performance/throughput penalty) and thus made it near impossible to use the
IPsec part only. All the 'logic' (code) is there but no logic at all in how
to use it. What gives?