[Openswan Users] Windows vpn clients

Paul Wouters paul at xelerance.com
Wed Sep 7 18:29:08 CEST 2005


On Wed, 7 Sep 2005, Norbert Wegener wrote:

> Hello Andreas,
> if you configure a vpn connection on a windows client via DUN, Windows by 
> default creates l2tp/ipsec connections, with ipsec in transport mode.
> This mode is disabled in strongswan by default and can only be activated via 
> a compiletime switch. Therefore I wonder,
> what is the recommended way to setup a vpn with a window client and a 
> strongswan server?
> Do I need a third party client for the windows system?

If you are happy with X509 based IPsec tunnels, use "lsipsectool.exe" from
sourceforge.net. It's the best Windows client (for win2k and upwards) that
uses the native microsoft ipsec stack and ipsec2k-lib. It does not require
transport mode. so it has much less issues, especially with NAT-T and
having multiple clients behind the same NAT router.

If you need L2TP (eg you need to get an IP address from your remote network)
then you will need to go through the windows wizard, and yes it will use
transport mode IPsec. It is well documented on Jacco de Leeuw's pages. It
currently seems to be having some problems in the later openswan-2.4rc trees.

I cannot make any statement on strongswan, since i have no idea what openswan
fixes get backported to it, since there are no references or attributions to
openswan in strongswan.

Paul


More information about the Users mailing list