Hi Guys,

I am having serious problems with my VPN setup at work. Debian Stable with openswan, has been working fine, does work fine with Debian unstable/openswan (as a client). Chuck a Windows XP client in the mix and it will not connect to the server, the IKE handshake fails without even the ident being confirmed.

I have tried reducing the X509 cert size and watched the handshake with tcpdump to rule out MTU problems. I thought the problem may be to do with having the server behind a NAT (Microsoft since SP2 consider this a security risk), tried the registry tweak for the XP machine, no luck.

Now I have bought a VPN router so my IPSEC server has a public IP address, but this behaves exactly the same as openswan and the client does not connect. A Vigor ADSL security router, a lovely little box with loads of good features, highly recommended.

Currently I have resorted to using pptp with 128bit MPE encryption and strong usernames and passwords (i.e. totally random and many characters for both parts).

Anybody seen or heard anything about MS breaking the ipsec standard recently, or is this something else (a second laptop does the same thing with XP SP2 as well when connecting to openswan, however)?

And is this pptp and 128bit MPE any good? I have seen not so good reports out on the net, but can I rely on it? I know it's not as good as X509 and ipsec, as this has perfect forward security and other stuff.

Ideally I want to get L2TP working over ipsec, but this seems totally broken from the MS end of things, either to my new router or a l2tpd on the Debian box.

Regards

Robin