> C. L. Martinez wrote: > > Ok, but if i would like use windows ipsec native client. How can I > > assign virtual ip??? > > Or somebody knows any free vpn client taht works with virtual ip and > > x509 certs??? > > AFAIK, the windows native client does not support virtual IPs. I'm not > aware of a free client that handles both IKECFG and x509. You might want > to take a look at Greenbow. They produce a windows VPN client based off > isakmpd. It's priced at 58 euros.
IKE-mode is good but can be buggy with some clients. The best Windows clients for a pure IPSec connection are: a) Safenet (OEM) SoftRemote version 10.x (versions 9.x do not support AES). * Danke Harondel! *. Safenet supports PSK "and" X509 certs. It has very good support and stability and I believe is the best of the bunch. b) SSH.com's Sentinel Client 1.4.1 - This was the last release and is not longer available. However, you can find copies all over the net. (I do not want to paste direct links to the ftp site). Very good support for most configurations (PSK, X509) and also supports ike-mode configuration ( DHCP over IPSec). However, it's completely unsupported AFAIK. c) The GreenBow VPN Client - http://www.thegreenbow.com/vpn_tool.html - This is newest kid on the block. It's simple, fast, flexible and supports all encryption types. However, in my experience it's not stable. I ran it on Windows XP SP1 + Patches and each time my laptop would find and connect to another wireless AP, I would get a BSOD. Remove Greenbow and the problem goes away.. This is the only software I've found that can crash Windows XP that easily! It supports X509 certs, but it's not as easy to get them working. The links for tools for playing/extracting p12 x509 certs are broken on thegreenbow.com's website. If you want, I can forward you the copy of the tools. I cannot seem to have more than one X509 certificate/Root CA for it to work. So if you have more than one VPN connections, you may be out of luck. You can download an eval copy and play with the software and see if would fit your needs. I also happened to find an interesting project on freshmeat.net today: 3SP's SSL-Explorer (GPL) - http://3sp.com/showSslExplorer.do SSL-Explorer is the world's first open-source SSL VPN solution of its kind. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser. It's pretty neat actually! Anyways, my two cents. Warm Regards, -Bruno