[Openswan Users] Creating Win XP vpn connection
Brian Candler
B.Candler at pobox.com
Wed Apr 19 21:26:26 CEST 2006
On Wed, Apr 19, 2006 at 07:57:06PM +0200, Paul Wouters wrote:
> On Wed, 19 Apr 2006, peters at exemplar-associates.com wrote:
>
> > I just did a search for lsipsectool and I had read some of it before
> > but it looked too complicated for what I needed. I assume then that
> > it is a replacement for ipsec.
>
> It is not a replacement for ipsec. lsipsectool.exe and ipsec.exe both just
> drive the microsoft IPsec stack and the microsoft PolicyAgent.

Incidentally, you could always use Microsoft's own tools for this:

    ipseccmd.exe (XP) or ipsecpol.exe (Win2K)

ipseccmd.exe is available for install from the \support\tools directory
on the XP SP2 CD-ROM: for info see the -h help output or
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipsecmd.mspx?mfr=true

ipsecpol.exe for 2K is available as a download:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/ipsecpol-o.asp

Once you've read the help they're rather straightforward to use. For
example,

    ipseccmd -f 0+* -a PRESHARE:"foobar"

sets up a bidirectional transport mode policy for all traffic from this host
to any other host on the Internet, requiring them to use IPSEC authenticated
by the given preshared key. For sending all traffic down a tunnel instead,
try

    ipseccmd -f 0=* -t $remip -a PRESHARE:"..."   # $remip = tunnel far end
    ipseccmd -f *=0 -t $myip -a PRESHARE:"..."    # $myip = tunnel local end

But if you want to do tunneling with dynamic endpoints, you're probably
better off using L2TP over IPSEC transport mode.

Regards,
Brian.
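
An added example, not part of the original message: a small Python check that a set of ipseccmd tunnel rules follows the layout shown above, that is, two one-way filters, each with -t set to the endpoint its traffic flows toward. The function names, the sample addresses and the key are assumptions made for illustration; flagging a mirrored ("+") filter on a tunnel rule follows from that two-rule layout.

```python
import shlex

def parse_rule(line):
    """Split one ipseccmd command line into filter, tunnel endpoint and auth."""
    args = shlex.split(line, comments=True)      # drops trailing "# ..." notes
    opts = {f: v for f, v in zip(args[1:], args[2:]) if f in ("-f", "-t", "-a")}
    spec = opts["-f"]
    sep = "+" if "+" in spec else "="            # "+" mirrored, "=" one-way
    src, dst = spec.split(sep, 1)
    return {"filter": spec, "src": src, "dst": dst, "mirrored": sep == "+",
            "tunnel": opts.get("-t"), "auth": opts.get("-a")}

def check_tunnel(lines, local, remote):
    """Return a list of problems found in a set of tunnel rules ([] if none)."""
    problems, seen = [], set()
    for rule in map(parse_rule, lines):
        name = rule["filter"]
        if rule["tunnel"] is None:
            problems.append(f"{name}: no -t, so this is a transport mode rule")
        elif rule["mirrored"]:
            problems.append(f"{name}: tunnel rule uses a mirrored filter")
        elif "0" not in (rule["src"], rule["dst"]):
            problems.append(f"{name}: neither side of the filter is this host")
        else:
            # Outbound traffic (source 0 = this host) goes to the far end;
            # inbound traffic (destination 0) arrives at the local end.
            outbound = rule["src"] == "0"
            direction = "outbound" if outbound else "inbound"
            expected = remote if outbound else local
            seen.add(direction)
            if rule["tunnel"] != expected:
                problems.append(f"{name}: {direction} rule needs -t {expected}")
    problems += [f"no {d} tunnel rule" for d in ("outbound", "inbound")
                 if d not in seen]
    return problems

# Constructed sample values: documentation addresses and a dummy key.
LOCAL, REMOTE = "192.0.2.1", "198.51.100.7"
RULES = [
    f'ipseccmd -f 0=* -t {REMOTE} -a PRESHARE:"example-key"',
    f'ipseccmd -f *=0 -t {LOCAL} -a PRESHARE:"example-key"',
]

if __name__ == "__main__":
    print(check_tunnel(RULES, LOCAL, REMOTE) or "tunnel rule pair is consistent")
```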