[Openswan Users] Antw: Re: Antw: Re: Plain IPSec tunnel / NAT-T with Vista
Uwe Knop
Uwe.Knop at lds.brandenburg.de
Tue Nov 11 12:52:21 EST 2008
Sorry, it was an inspiration not the solution.
bye uwe
>>> Marek Greško <gresko at thr.sk> 11.11.08 16.49 Uhr >>>
Dňa Ut 11. november 2008 ste napísali:
> Hi,
>
> unfortunately with DOS commands
>
> preperation:
> netsh advfirewall set global mainmode
> mmsecmethods dhgroup14:aes256-sha1,aes128-sha1,3des-sha1
>
> delete old Policy:
> netsh advfirewall consec del rule
> name="StrongSwan"
>
> create new Policy (with pfs=yes"):
> netsh advfirewall consec add rule
> name="StrongSwan" enable=yes mode=tunnel
> localtunnelendpoint=192.168.100.10 remotetunnelendpoint=192.168.100.1
> endpoint1=192.168.100.10 endpoint2=10.0.0.0/8 action=requireinrequireout
> qmsecmethods=esp:sha1-aes256,esp:sha1-aes128,esp:sha1-3des
> auth1=computercert auth1ca="C=DE, O=...,OU=..." qmpfs=mainmode
>
> bye
> UK
Great it suffices.
May I ask for some clarification?
Should localtunelendpoit be filled in? If I understand correctly, it is local
IP adress, endpoint1 is the same.
For more tunnels should I only add create new policy with different name?
Thank you.
Marek
More information about the Users
mailing list