[strongSwan] Minimal Windows Configuration with strongSwan
noel at familie-kuntze.de
Fri Jul 31 17:17:29 CEST 2015
There's a document about the certificate requirements:
Please take care to always address the mailing list as well.
Kind Regards,
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 31.07.2015 at 17:15, David McLaughlin wrote:
> This sounds most promising.
> I have tried to use a purchased wildcard certificate we have, but it sounds like you are saying there may be something I need to add to the cert or have on the cert to get it to work.
> Currently I have had to add the cert to my Windows client to get them to work.
> I have also tried using a self-signed certificate and creating a ca for it.
> On Fri, Jul 31, 2015 at 7:55 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello David,
> Then you need to buy a certificate with SAN fields from a public CA, as that
> is needed to authenticate the server to the client in any scenario. Windows
> doesn't support PSK authentication for roadwarrior type connections
> in any scenario for a good reason.
> Look at the documentation for interoperability for Windows 7 and newer
> on the wiki. You probably want option C. Using a certificate
> from a public CA should work around the need to import a
> CA certificate on the client.
>  https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
> Kind Regards,
> Noel Kuntze
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> On 31.07.2015 at 07:03, David McLaughlin wrote:
> > I would like to have a strongSwan gateway set up for VPN with Windows 7 or better clients and have the clients have minimal configuration.
> > In particular, I *don't* want my users to
> > 1) have to install non-native VPN clients.
> > 2) install certificates onto their machine.
> > It would also be nice to
> > 1) not do anything in DNS except set A or CNAME records.
> > So, from the client point of view, they start Windows, enter the gateway hostname, a username and password, and perhaps a pre-shared key and that is it.
> > I've tried many, many things on the strongSwan side---nothing has worked yet.
> > Has anyone been successful at this?
> > Thanks,
> > David McLaughlin