<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"> Can someone tell me if the following is doable? I’d like to be able to provide a transport mode connection to a single server for a pool of Windows vista/7 road warriors – who may or may not be behind NAT depending on the
day.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The end users are the roaming users for a customer of mine, and they’re opposed to VPN’s for complexity and maintenance reasons – however I have a need to provide secure access to applications running on a server I host for them. I had
hoped to use the windows firewall connection profiles to start a tunnel mode connection, which to the end user would be essentially transparent and hopefully negate some of the pushback against VPN’s.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">All the strongswan documentation seems to refer to tunnel mode, and the windows examples in particular seem to hard code end point IP addresses – I don’t think that’s going to work for roaming users.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For my lab setup I’ve been attempting to start a connection using preshared keys, but I can’t get past “initial Main Mode message received on 203.89.x.x:500 but no connection has been authorized with policy=PSK” in the pluto logs.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My ipsec.conf is pretty simple:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn winclient<o:p></o:p></p>
<p class="MsoNormal"> type=transport<o:p></o:p></p>
<p class="MsoNormal"> left=%defaultroute<o:p></o:p></p>
<p class="MsoNormal"> right=%any<o:p></o:p></p>
<p class="MsoNormal"> authby=secret<o:p></o:p></p>
<p class="MsoNormal"> pfs=no<o:p></o:p></p>
<p class="MsoNormal"> auto=add<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Can anyone provide assistance with this setup?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Many thanks.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tristan<o:p></o:p></p>
</div>
<br>
<br>
<table style="LINE-HEIGHT: 22px; WIDTH: 650px; FONT-FAMILY: Calibri; COLOR: #3f3f3f; FONT-SIZE: 13px" border="0" cellspacing="0" cellpadding="0" width="624">
<tbody>
<tr>
<td width="160" align="middle"><img border="0" alt="Pronto Hosted Services" src="cid:phs-logo4ff.png" width="140" height="54"><br>
</td>
<td style="PADDING-LEFT: 20px" width="490">
<table style="LINE-HEIGHT: 15px; WIDTH: 470px; FONT-FAMILY: Calibri; COLOR: #3f3f3f; FONT-SIZE: 13px" border="0" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td style="COLOR: #20558a; FONT-SIZE: 15px"><b>Tristan Ball</b> - Hosted Services Manager VIC</td>
</tr>
<tr>
<td>Pronto Hosted Services</td>
</tr>
<tr>
<td>20 Lakeside Drive, Burwood East, VIC 3151</td>
</tr>
<tr>
<td>Phone: +61 3 9887 7770 | Email: <a href="mailto:tristanb@pronto.com.au">tristanb@pronto.com.au</a></td>
</tr>
<tr>
<td>Mobile: +61 408 397 473</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2">
<p><br>
<img alt="" src="cid:personal298a.png" width="587" height="1"><br>
For PHS helpdesk support, please email <a href="mailto:phs@pronto.com.au">phs@pronto.com.au</a><br>
For urgent after hours support phone: 1800 622 556</p>
</td>
</tr>
</tbody>
</table>
<p></p>
<br>
<p><font color="#a0a0a4" size="1" face="Calibri"><img style="WIDTH: 624px; HEIGHT: 1px" border="0" hspace="0" alt="" src="cid:personal240e3.png" width="587" height="1">
<table style="WIDTH: 624px" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td>
<p><font color="#a0a0a4" size="1" face="Calibri">---Legal Notice---<br>
The email message and any attachments are confidential and subject to copyright. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. No part may be reproduced, adapted or
transmitted without the written permission of the copyright owner. If you have received this email in error, please immediately advise the sender by return email and delete the message from your system. Before opening or using attachments, check for viruses
and defects. Our liability is limited to re-supplying any affected attachments.</p>
</font></td>
</tr>
</tbody>
</table>
</font><font color="#a0a0a4" size="1" face="Calibri"><img style="WIDTH: 624px; HEIGHT: 1px" border="0" hspace="0" alt="" src="cid:personal255dc.png" width="624" height="1"></font>
<br>
</p>
<br>
</body>
</html>