From: Bruno S. Delbono (bruno.s.delbonomail.ac)
Date: Fri Jul 01 2005 - 20:36:56 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> C. L. Martinez wrote:
> > Ok, but if i would like use windows ipsec native client. How can I
> > assign virtual ip???
> > Or somebody knows any free vpn client taht works with virtual ip and
> > x509 certs???
>
> AFAIK, the windows native client does not support virtual IPs. I'm not
> aware of a free client that handles both IKECFG and x509. You might
want
> to take a look at Greenbow. They produce a windows VPN client based
off
> isakmpd. It's priced at 58 euros.

IKE-mode is good but can be buggy with some clients. The best Windows
clients for a pure IPSec connection are:

a) Safenet (OEM) SoftRemote version 10.x (versions 9.x do not support
AES). * Danke Harondel! *. Safenet supports PSK "and" X509 certs. It has

very good support and stability and I believe is the best of the bunch.

b) SSH.com's Sentinel Client 1.4.1 - This was the last release and is
not longer available. However, you can find copies all over the net. (I
do not want to paste direct links to the ftp site). Very good support
for most configurations (PSK, X509) and also supports ike-mode
configuration ( DHCP over IPSec). However, it's completely unsupported
AFAIK.

c) The GreenBow VPN Client - http://www.thegreenbow.com/vpn_tool.html -
This is newest kid on the block. It's simple, fast, flexible and
supports all encryption types.

However, in my experience it's not stable. I ran it on Windows XP SP1 +
Patches and each time my laptop would find and connect to another
wireless AP, I would get a BSOD. Remove Greenbow and the problem goes
away..

This is the only software I've found that can crash Windows XP that
easily! It supports X509 certs, but it's not as easy to get them
working. The links for tools for playing/extracting p12 x509 certs are
broken on thegreenbow.com's website. If you want, I can forward you the
copy of the tools. I cannot seem to have more than one X509
certificate/Root CA for it to work. So if you have more than one VPN
connections, you may be out of luck.

You can download an eval copy and play with the software and see if
would fit your needs.

I also happened to find an interesting project on freshmeat.net today:
3SP's SSL-Explorer (GPL) - http://3sp.com/showSslExplorer.do

SSL-Explorer is the world's first open-source SSL VPN solution of its
kind. This unique remote access solution provides users and businesses
alike with a means of securely accessing network resources from outside
the network perimeter using only a standard web browser.

It's pretty neat actually!

Anyways, my two cents.

Warm Regards,

-Bruno

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]