[Openswan Users] Creating Win XP vpn connection

[MarekGreško]

Dňa Št 20. Apríl 2006 15:58 John Riley napísal:
> >I set
> >up a service which users can stop and start and which starts and stops
> > ipsec.
>
> Yes, I did that, too.  I initially wanted the VPN stuff to be
> transparent to the users.  This, however, became extremely inconvenient
> when troubleshooting some other problems that came up later.  In the
> end, for us, it just became 'better' to let them have an icon on the
> desktop and click it to connect to the home office.

Yes, I did also the icon on the desktop which was a shortcut to the bat file 
which run
net stop vpn
net start vpn

> >I am very satisfied, because I was able to write a batch file, by which I
> > can prevent user to run ipsec.exe when he is connected directly to the
> > network. I was excepting troubles when he run ipsec.exe when connected
> > directly to the network. Is this also possible with lsipsectool? I am not
> > familiar with it.
>
> I have not played around with using batch files to start/stop
> lsipsectool, so I cannot comment.  I don't know if you can pass it a
> parameter to tell it to 'start' the connection upon startup; truthfully,
> I've not seen any docs on it, so had to figure it out by doing (which
> was not hard).

Don't you have the problem when they come directly into the office and 
accidentaly run IPsec? I had this one before preventing to run the ipsec.exe 
by bat files.

> Just out of curiousity, which OpenSwan version are you using?  I had
> some problems with the ipsec.exe client and rekeying with the version I
> was using originally (2.3.1), and this was not showing up when the
> clients were connected by LAN to the server for testing.  I upgraded
> OpenSwan and changed to lsipsectool and the tunnels are more stable.

I was using openswan version since 2.2.0 throuch 2.3.1 till 2.4.4 for now.

-- 
Marek Greško