[Openswan Users] Creating Win XP vpn connection

Brian Candler B.Candler at pobox.com
Wed Apr 19 21:26:26 CEST 2006

On Wed, Apr 19, 2006 at 07:57:06PM +0200, Paul Wouters wrote:
> On Wed, 19 Apr 2006, peters at exemplar-associates.com wrote:
> > I just did a search for lsipsectool and I had read some of it before
> > but it looked too complicated for what I needed. I assume then that
> > it is a replacement for ipsec.
> It is not a replacement for ipsec. lsipsectool.exe and ipsec.exe both just
> drive the microsoft IPsec stack and the microsoft PolicyAgent.

Incidentally, you could always use Microsoft's own tools for this:
ipseccmd.exe (XP) or ipsecpol.exe (Win2K)

ipseccmd.exe is available for install from the \support\tools directory
on the XP SP2 CD-ROM: for info see the -h help output or

ipsecpol.exe for 2K is available as a download:

Once you've read the help they're rather straightforward to use. For

  ipseccmd -f 0+* -a PRESHARE:"foobar"

sets up a bidirectional transport mode policy for all traffic from this host
to any other host on the Internet, requiring them to use IPSEC authenticated
by the given preshared key. For sending all traffic down a tunnel instead,

  ipseccmd -f 0=* -t $remip -a PRESHARE="..."    # $remip = tunnel far end
  ipseccmd -f *=0 -t $myip -a PRESHARE="..."     # $myip = tunnel local end

But if you want to do tunneling with dynamic endpoints, you're probably
better off using L2TP over IPSEC transport mode.



More information about the Users mailing list