[strongSwan] Minimal Windows Configuration with strongSwan
Noel Kuntze
noel at familie-kuntze.de
Fri Jul 31 15:55:32 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello David,
Then you need to buy a certificate with SAN fields from a public CA, as that
is needed to authenticate the server to the client any scenario. Windows
doesn't support PSK authentication for roadwarrior type connections
in any scenario for a good reason.
Look at the documentation for interoperability for Windows 7 and newer
on the wiki[1]. You probably want option C. Using a certificate
from a public CA should work around the need to import a
CA certificate on the client.
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 31.07.2015 um 07:03 schrieb David McLaughlin:
> I would like to have a strongSwan gateway set up for VPN with Windows 7 or better clients and have the clients have minimal configuration.
>
> In particular, I *don't* want my users to
> 1) have to install non-native VPN clients.
> 2) install certificates onto their machine.
>
> It would also be nice to
> 1) not do anything in DNS except set A or CNAME records.
>
> So, from the client point of view, they start Windows, enter the gateway hostname, a username and password, and perhaps a pre-shared key and that is it.
>
> I've tried many, many things on the strongSwan side---nothing has worked yet.
>
> Has anyone been successful at this?
>
> Thanks,
> David McLaughlin
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVu35UAAoJEDg5KY9j7GZYJlAQAIwJnpfz601MNIlzOPlj/1OY
fJPpecx3NdeIsSnePn6eU6iUQrYxFK/rYoaC4r6lMvob/pLfXhOb0lBLiAQC3oBv
dlDUpsfyt7CJ4BJ8+S9bHbFjiUf1fSm5rwPY3f0tn9GOwDaHQsXdyr07EXo7Q4zD
LcWgm5eI4339/lHV+JFaqV+9VN70HK7N3OSFNfFcfRHQg9Wy2wXMSbTvPzaFAZM0
UemSA2v5SinaEoCRnh8n0LKcU+WbhkCPkUiVyJkUtbsB4dj1yrUc07tiPT72mkF8
kmqmeO1+wj+1QLLE6kxPm/2Nfn9pdN5IXFfhHqpYryX0gEVdHSyXPT/6PQmnmFgI
w65rx3ihhnCIDmiHNesQ6DWHmaJWAM2q2G16KSdPX2WJp5mvzijbGWM4XfH4rrwa
pPl1SJyhIjDcOctbRz9eHHEA8cUh22XGci0r4Ba+DlLwEA6fur1vDp/61N7i37SC
aWv03pBtdC2vA77jEdw+HzNNue2fyhtK5FfxATWsGGBNc7Oou9quQknOz6pg/6IB
zMDBEtyag1JlpZTZuWiAcpwIRcpPPNNuTw4qzrf6KatEZlR1v3zcgzs4OigV9saZ
M0cObiQcKI3MC46h06tVhtrhdo89fcE9GVcwQs1U3sm+l2mmjRJ1M+KbZNY54d3r
BUKCg4xdixdoNpyeST32
=fc23
-----END PGP SIGNATURE-----
More information about the Users
mailing list