[Openswan Users] Creating Win XP vpn connection

John Riley jriley at dsbscience.com
Thu Apr 20 10:58:27 CEST 2006

>I set 
>up a service which users can stop and start and which starts and stops ipsec.

Yes, I did that, too.  I initially wanted the VPN stuff to be 
transparent to the users.  This, however, became extremely inconvenient 
when troubleshooting some other problems that came up later.  In the 
end, for us, it just became 'better' to let them have an icon on the 
desktop and click it to connect to the home office.

>I am very satisfied, because I was able to write a batch file, by which I can 
>prevent user to run ipsec.exe when he is connected directly to the network. I 
>was excepting troubles when he run ipsec.exe when connected directly to the 
>network. Is this also possible with lsipsectool? I am not familiar with it.

I have not played around with using batch files to start/stop 
lsipsectool, so I cannot comment.  I don't know if you can pass it a 
parameter to tell it to 'start' the connection upon startup; truthfully, 
I've not seen any docs on it, so had to figure it out by doing (which 
was not hard).

Just out of curiousity, which OpenSwan version are you using?  I had 
some problems with the ipsec.exe client and rekeying with the version I 
was using originally (2.3.1), and this was not showing up when the 
clients were connected by LAN to the server for testing.  I upgraded 
OpenSwan and changed to lsipsectool and the tunnels are more stable.

John S. Riley, Ph.D.
DSB Scientific Consulting

More information about the Users mailing list