[Openswan Users] Connecting to Openswan from Windows XP Pro

Tim P panterafreak at gmail.com
Thu Jul 21 18:24:37 CEST 2005


Albert, I would like to see those batch files.  I have the certificate
imported as best I can tell using the MMC.  I have the ipseccmd.exe
(part of support tools) but didn't really have any idea on how to use
it.  I tried to use the third party ipsec connector but had no luck,
lots of errors generated by the ipseccmd.exe file.

Also, does anyone have any low to no cost VPN clients that work from
Windows?  I suppose I could also switch the authentication from
certificates to username/password or some other form (like preshared
keys).

Looking for a secure way to use the Windows client or a low to no cost
client program.

Thanks all
Tim

On 7/21/05, Albert Siersema <appie at friendly.net> wrote:
> Hello Tim,
> 
> > prefer to use the native windows ipsec if possible.  Also I have not
> > installed extra software on the linux box for l2tp or ppp (not using
> > dialup)  is that required or will the ipsec work without it?
> 
> I'm still in the process of trying to figure out a way to get a 'pure' IPsec
> connection running from a Windows box to OpenS/WAN with certificates smart
> cards/usb tokens. The problem here is that Windows pops up the certificates
> in the Current User context (which actually is a good idea) but the Windows
> IPsec layer persists in wanting to find them in Local Computer context.
> No workout there yet.
> 
> However, it is possible to run IPsec only (no L2TP/PPP) from Windows to
> OpenS/WAN. Some caveats are that you need to download a separate program
> from Microsoft (ipseccmd.exe) and probably need administrator privileges on
> the Windows box (at least to install the certificate).
> Anyways, there are several GUIs to assist you in installing the
> certificate (look in the mail archives, and since you already did
> install a cert you might have used one).
> The tricksy part is the openswan config and batch files on the Windows site.
> Jacco wrote web pages about this as did Nate.
> Being the guy I am, I stubbornly tried to figure everything out myself.
> And did :)
> If you want to pursue the IPsec-only path I can mail you my openswan config
> plus the batch files I created.
> 
> Personally I think it's stupefying that Microsoft does support IPsec but, in
> absence of IKE2, decided in all their 'wisdom' to adapt IPsec+L2TP (severe
> performance/throughput penalty) and thus made it near impossible to use the
> IPsec part only. All the 'logic' (code) is there but no logic at all in how
> to use it. What gives ?
> 
> Cheers,
> Albert
>

