[Openswan Users] Ipsec VPN from windows machines
news8080 at yahoo.com
Thu Apr 3 13:34:34 EDT 2008
I finally got it working with strong-swan but it's not
without issues, the problem is that when a nat client
makes a disconnect request, the connection entry is
deleted for that public ip altogether from the
strongswan side and no one else can 'keep' their
I have at this point given up on making it work like
this, the way I see it, if 50 users are connecting in,
it justifies a $100 at bestbuy.
For home users the theory is that it will work if
there is only one person connecting in, if more
then they'll have to buy a linksys box too.
Thanks Marco for your help, it was a good learning
exp. (xfrm/slackware etc) if nothing else.
--- Marco Berizzi <pupilla at hotmail.com> wrote:
> Agent Smith wrote:
> > yup, did it manually before each restart and it's
> > windows native ipsec via 'IP Security Policy on
> > Computer' snap-in.
> I think this is a windows bug. Your policies are
> all /32 <=> /32 and I think windows xp will create
> a transport mode ipsec sa instead of a tunnel mode
> This is confirmed by the ip -s x p output:
> src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
> dir in action allow index 504 priority 2080 share
> 16393(0x00004009) mode transport
> Could you try to build a policy like this:
> windows xp ip address/32 <==> 192.168.25.0/29
> conn CERT-29
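
Added example, not part of the original messages: a small parser for the `ip -s xfrm policy` check quoted above, which flags policies whose selectors are both /32 and whose template is in transport mode. The sample output is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `ip -s xfrm policy`
# (documentation addresses; not output from the original thread).
SAMPLE = """\
src 198.51.100.7/32 dst 203.0.113.1/32 uid 0
    dir in action allow index 504 priority 2080 share any flag  (0x00000000)
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp spi 0x00000000(0) reqid 16393(0x00004009) mode transport
src 198.51.100.7/32 dst 192.168.25.0/29 uid 0
    dir in action allow index 512 priority 2344 share any flag  (0x00000000)
    tmpl src 198.51.100.7 dst 203.0.113.1
        proto esp spi 0x00000000(0) reqid 16397(0x0000400d) mode tunnel
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIRECTION = re.compile(r"\bdir (\w+)")
MODE = re.compile(r"\bmode (\w+)")

def parse_policies(text):
    """Return one dict per policy: selector pair, direction, template mode."""
    policies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line starts a new policy with its selectors.
            m = SELECTOR.match(line)
            if m:
                policies.append({"src": m.group(1), "dst": m.group(2),
                                 "dir": None, "mode": None})
            continue
        if not policies:
            continue
        current = policies[-1]
        # Indented lines carry the direction and the template (mode).
        for key, pattern in (("dir", DIRECTION), ("mode", MODE)):
            m = pattern.search(line)
            if m and current[key] is None:
                current[key] = m.group(1)
    return policies

def host_to_host_transport(policies):
    """Policies with /32 selectors on both sides installed in transport mode."""
    return [p for p in policies
            if p["mode"] == "transport"
            and p["src"].endswith("/32") and p["dst"].endswith("/32")]

if __name__ == "__main__":
    for p in host_to_host_transport(parse_policies(SAMPLE)):
        print("transport mode, /32 <=> /32:", p["src"], "->", p["dst"], p["dir"])
```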