[strongSwan] Strong swan 5.1.1 and Windows XP

Martin Willi martin at strongswan.org
Wed Dec 10 11:24:37 CET 2014


> I have tried both using the native client of Windows XP (that does not
> connect at all)

The XP client configured through the RAS GUI uses L2TP/IPsec, that is a
L2TP tunnel protected by IPsec in transport mode using IKEv1. strongSwan
can handle the IPsec protection only, for L2TP you'll need a L2TP
daemon. There are probably some guides out there how to get that
working, but please be aware that there are some difficulties with NAT.

> and using two vpn clients, ShrewSoft and TauVPN, (that
> establish IKE phase 1 SA but fail at phase 2)

Shrew should actually work fine with strongSwan, but there is a large
bunch of authentication methods and other options to use. Please provide
some failure logs.

Haven't used TauVPN for a while; If you can configure the XP stack with
some standard IPsec using IKEv1 with certificate authentication, that
might work.

Given that XP has reached end-of-life anyway, I'm not sure if it is
worth the effort. If you really need XP support, Shrew is probably the
best option.


More information about the Users mailing list