---- Original message ---- >Date: Fri, 28 Jul 2006 14:28:44 +0200 >From: Hekan Olsson <[EMAIL PROTECTED]> >Subject: Re: VPN help needed: OpenBSD in the corporate environment instead of Linux >To: jeraklo <[EMAIL PROTECTED]> >Cc: misc@openbsd.org > >On 28 jul 2006, at 14.09, jeraklo wrote: >> >> So, you are saying that pf(4), ipsec(4), ipsecctl(8), >> and maybe vpn(8) is all I need ? Do I have to make > >That's a good start, yes. Plus it should be fairly easy to find >configuration examples for setups like this. > >> some special tweakings on the windows client machines >> in order to run the VPN, or is ti just a matter of >> some default configuration ? > >There is an IPsec implementation in Windows, but configuring it is >something else again. It's been a few years since I experimented with >it last, but it was "no fun" then, at all. If you search for it, >you'll probably find some references on how to set it up on the net. >I figure most people using IPSec on Windows end up using some kind of >IPSec client software... >
if you search the archives, there are a number of threads discussing windows xp interoperating with openbsd's isakmpd. using ipseccmd.exe on winxp is one option, it's in the archives. a problem i've noted with ipseccmd.exe is that the connection doesn't show up in winxp's routing table and can be annoying to firewall, assuming you're using windows for firewalling. a recent post on how to do this using ipsec.conf that i haven't yet had opportunity to try out myself is: http://marc.theaimsgroup.com/?l=openbsd-misc&m=115217425632214&w=2 i'm not sure about the status of road warrior support (e.g. feral kid with metal boomerang) for ipsec.conf rules, hakan would likely know what's up with that. cheers, jake >/H