Hi Stevie, strongSwan meets most if not all of your requirements.
Stevie K wrote: > ° Key exchanges using Internet PKIs Please explain what you mean by that. Here's a quote from strongSwan's feature list that might be related to this requirement. - Authentication based on X.509 certificates or preshared keys - Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP - Full support of the Online Certificate Status Protocol (OCSP, RCF 2560). - CA management (OCSP and CRL URIs, default LDAP server) - Powerful IPsec policies based on wildcards or intermediate CAs - Group policies based on X.509 attribute certificates (RFC 3281) > Is this possible with strongSwan and are there any HOWTOs? Please check http://wiki.strongswan.org/projects/show/strongswan and http://www.strongswan.org/docs.htm The latter might be a little bit out-dated but still contains a very good tutorial. > What VPN client software is available for Windows XP that can be used with > strongSwan? I successfully used NCP Secure Entry Client (Win32/64) which is unfortunately pretty expensive (142.80 EUR per license). There might be other clients for WinXP as well. You might even use the native L2TP/IPsec client of Windows XP although the setup is a bit nasty in my opinion. It also has some (security) problems. You might also be able to use Ciscos VPN client although there are license/legal issues. Check http://wiki.strongswan.org/wiki/strongswan/Autoconf for --enable-cisco-quirks -Daniel _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
