[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
VPN: solutions that interoperate with win xp
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: VPN: solutions that interoperate with win xp
- From: <dick_(_at_)_uchicago_(_dot_)_edu>
- Date: Sun, 18 Dec 2005 19:23:23 -0600
i've been grinding away to get a VPN setup where i can have win xp clients
connect to my openbsd firewall and access the network behind it. i have tried a
number of things, none of which have yet worked for all my users. i am very much
interested in hearing from other admins who have currently working solutions
along these lines. i have setup isakmpd between my home and my business
location, so i know i am not a complete idiot when it comes to this stuff ;).
when i tried to use the native windows IPsec implementation, both as described
in http://openbsd.cz/~pruzicka/vpn.html and through the confusing GUI, i was not
able to get anywhere. when i used ipseccmd.exe, it would not give me any useful
debugging outputs and crashed a couple times while i was trying to set this up.
i would very much like to have a setup using the native IPsec in win xp, but am
utterly in the dark as to the win xp configuration side of things.
i have also setup openvpn, which works great for me from home, and i have been
able to successfully get this working. however, one of the users that connects
to my VPN is having problems making openvpn and his kerio firewall "play nice",
and a working openvpn configuration cannot survive a reboot due to win xp being
such a great OS.
i am also aware of "the green bow" VPN client that is known to interoperate with
isakmpd. i have avoided using this solution since i know it to be a resource hog
on win xp. anybody else's views on this software would be nice.
anything that you think could help me get a VPN with win xp talking to my
openbsd firewall would be awesome. i would love a "howto" for the win xp boxes,
but a smack with the cluestick is likely all i need. it would be nice for this
to NOT use certificates, as i'd like to get a shared secret setup working first,
then switch to certs later.