[Openswan Users] Creating Win XP vpn connection
jriley at dsbscience.com
Thu Apr 20 10:58:27 CEST 2006
>up a service which users can stop and start and which starts and stops ipsec.
Yes, I did that, too. I initially wanted the VPN stuff to be
transparent to the users. This, however, became extremely inconvenient
when troubleshooting some other problems that came up later. In the
end, for us, it just became 'better' to let them have an icon on the
desktop and click it to connect to the home office.
>I am very satisfied, because I was able to write a batch file, by which I can
>prevent user to run ipsec.exe when he is connected directly to the network. I
>was excepting troubles when he run ipsec.exe when connected directly to the
>network. Is this also possible with lsipsectool? I am not familiar with it.
I have not played around with using batch files to start/stop
lsipsectool, so I cannot comment. I don't know if you can pass it a
parameter to tell it to 'start' the connection upon startup; truthfully,
I've not seen any docs on it, so had to figure it out by doing (which
was not hard).
Just out of curiousity, which OpenSwan version are you using? I had
some problems with the ipsec.exe client and rekeying with the version I
was using originally (2.3.1), and this was not showing up when the
clients were connected by LAN to the server for testing. I upgraded
OpenSwan and changed to lsipsectool and the tunnels are more stable.
John S. Riley, Ph.D.
DSB Scientific Consulting
More information about the Users