[strongSwan] Older Windows Clients

Martin Willi martin at strongswan.org
Tue Apr 2 10:23:23 CEST 2013

Hi Eric,

> I see that Vista support appears possible [...]. It would do this via
> Windows firewall rules. This is rather different than the way I set up
> Windows 7, which was through Windows "Set up a connection or network"
> GUI.

It should be possible to set up a VPN connections through the Windows
firewall, both in XP and Vista. These connections use IKEv1, and are not
really designed for remote access. No virtual IP is requested, making it
difficult to integrate the clients properly in the target network.

> Regarding XP, does Strongswan support the native XP VPN client (again,
> via Windows' "Setup a connection or network" wizard) at all? I have
> been unable to find any guides online.

Starting with Windows 7, Microsoft added support for IKEv2 in these
remote access profiles. This works very well with strongSwan. Earlier
Windows releases didn't have support for IKEv2. You can use the
L2TP/IPsec profile, but it requires an L2TP daemon, strongswan would
only terminate the IPsec transport mode (using IKEv1).

I can't recommend the use of L2TP/IPsec, instead I'd try a third party
Windows IPsec client for pre Windows 7 systems. The free Shrew client is
known to work fine.


More information about the Users mailing list