Re: VPN: solutions that interoperate with win xp
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: VPN: solutions that interoperate with win xp
- From: Dag Richards <dagrichards_(_at_)_speakeasy_(_dot_)_net>
- Date: Mon, 19 Dec 2005 18:48:03 -0800
Heinrich Rebehn wrote:
i've been grinding away to get a VPN setup where i can have win xp
connect to my openbsd firewall and access the network behind it. i
have tried a
number of things, none of which have yet worked for all my users. i am
interested in hearing from other admins who have currently working
along these lines. i have set up isakmpd between my home and my business
location, so i know i am not a complete idiot when it comes to this
when i tried to use the native windows IPsec implementation, both as
in http://openbsd.cz/~pruzicka/vpn.html and through the confusing GUI,
i was not
able to get anywhere. when i used ipseccmd.exe, it would not give me
debugging outputs and crashed a couple times while i was trying to set
i would very much like to have a setup using the native IPsec in win
xp, but am
utterly in the dark as to the win xp configuration side of things.
i have also set up openvpn, which works great for me from home, and i
able to successfully get this working. however, one of the users that
to my VPN is having problems making openvpn and his kerio firewall
and a working openvpn configuration cannot survive a reboot due to win
such a great OS.
i am also aware of "the green bow" VPN client that is known to
isakmpd. i have avoided using this solution since i know it to be a
on win xp. anybody else's views on this software would be nice.
anything that you think could help me get a VPN with win xp talking to my
openbsd firewall would be awesome. i would love a "howto" for the win
but a smack with the cluestick is likely all i need. it would be nice
to NOT use certificates, as i'd like to get a shared secret setup
then switch to certs later.

I have been successfully using the Windows XP native IPSec client for
some 2 years now. There is a good configuration tool at
http://vpn.ebootis.de/ which reads a configuration file and executes the
ipseccmd commands needed for setting up the tunnel. Latest version is
2.2, i am using 2.1.4.
You do need XP Service Pack 2. Also you must install the windows support
tools as mentioned on Marcus' web page. Note that if you already
installed them before installing SP2, you must also upgrade the support
tools after installing SP2.
As for windows debug output, look for "oakley log" in
This works with certificates (somewhat tricky to set up) as well as with

The tool mentioned by Heinrich has worked for me quite well. I
have used it against a Linux FreeS/WAN server for three years, and OBSD
for the last six months. The following link explains how to use x509
The script he provided on the page had a small typo that prevented it
from working; he seems to have fixed it now. You will find certs to be
simple actually, more secure, and easier to manage.
Although I have yet to get a certificate revocation list to work with