[Openswan Users] Connecting to Openswan from Windows XP Pro

Albert Siersema appie at friendly.net
Thu Jul 21 10:47:58 CEST 2005


Hello Tim,

> prefer to use the native windows ipsec if possible.  Also I have not
> installed extra software on the linux box for l2tp or ppp (not using
> dialup)  is that required or will the ipsec work without it?

I'm still in the process of trying to figure out a way to get a 'pure' IPsec
connection running from a Windows box to OpenS/WAN with certificates on smart
cards/USB tokens. The problem here is that Windows pops up the certificates
in the Current User context (which actually is a good idea) but the Windows
IPsec layer persists in wanting to find them in Local Computer context.
No workaround there yet.

However, it is possible to run IPsec only (no L2TP/PPP) from Windows to 
OpenS/WAN. Some caveats are that you need to download a separate program
from Microsoft (ipseccmd.exe) and probably need administrator privileges on 
the Windows box (at least to install the certificate).
Anyways, there are several GUIs to assist you in installing the
certificate (look in the mail archives, and since you already did
install a cert you might have used one).
The tricksy part is the openswan config and batch files on the Windows site.
Jacco wrote web pages about this as did Nate.
Being the guy I am, I stubbornly tried to figure everything out myself.
And did :)
If you want to pursue the IPsec-only path I can mail you my openswan config 
plus the batch files I created.

Personally I think it's stupefying that Microsoft does support IPsec but, in
absence of IKE2, decided in all their 'wisdom' to adapt IPsec+L2TP (severe
performance/throughput penalty) and thus made it near impossible to use the
IPsec part only. All the 'logic' (code) is there but no logic at all in how
to use it. What gives?

Cheers,
Albert

