> C. L. Martinez wrote:
> > Ok, but if i would like use windows ipsec native client. How can I
> > assign virtual ip???
> > Or somebody knows any free vpn client taht works with virtual ip and
> > x509 certs???
> 
> AFAIK, the windows native client does not support virtual IPs. I'm not
> aware of a free client that handles both IKECFG and x509. You might
want
> to take a look at Greenbow. They produce a windows VPN client based
off
> isakmpd. It's priced at 58 euros.

IKE-mode is good but can be buggy with some clients. The best Windows
clients for a pure IPSec connection are:

a) Safenet (OEM) SoftRemote version 10.x (versions 9.x do not support 
AES). * Danke Harondel! *. Safenet supports PSK "and" X509 certs. It has

very good support and stability and I believe is the best of the bunch.

b) SSH.com's Sentinel Client 1.4.1 - This was the last release and is 
not longer available. However, you can find copies all over the net. (I 
do not want to paste direct links to the ftp site). Very good support 
for most configurations (PSK, X509) and also supports ike-mode 
configuration ( DHCP over IPSec). However, it's completely unsupported 
AFAIK.

c) The GreenBow VPN Client - http://www.thegreenbow.com/vpn_tool.html - 
This is newest kid on the block. It's simple, fast, flexible and 
supports all encryption types.

However, in my experience it's not stable. I ran it on Windows XP SP1 + 
Patches and each time my laptop would find and connect to another 
wireless AP, I would get a BSOD. Remove Greenbow and the problem goes
away..

This is the only software I've found that can crash Windows XP that 
easily! It supports X509 certs, but it's not as easy to get them 
working. The links for tools for playing/extracting p12 x509 certs are 
broken on thegreenbow.com's website. If you want, I can forward you the 
copy of the tools. I cannot seem to have more than one X509 
certificate/Root CA for it to work. So if you have more than one VPN 
connections, you may be out of luck.

You can download an eval copy and play with the software and see if 
would fit your needs.

I also happened to find an interesting project on freshmeat.net today:
3SP's SSL-Explorer (GPL) - http://3sp.com/showSslExplorer.do

SSL-Explorer is the world's first open-source SSL VPN solution of its 
kind. This unique remote access solution provides users and businesses 
alike with a means of securely accessing network resources from outside 
the network perimeter using only a standard web browser.

It's pretty neat actually!

Anyways, my two cents.

Warm Regards,

-Bruno

Reply via email to