Hi Diego,

I'm the one who started the thread you referenced. Until now I have had semi-success with XP, and it was a bit of a kludge. What we did was create a script that would poke around the registry to create a secondary IP address for the network card and assign it the address that the PC would have received if XP supported ModeConfig, and then create a tunnel IPsec policy between that address and the strongSwan gateway.

The reason to do that bit about the IP address is that if you just create the tunnels with the private IP you turn the problem of not conflict between two PCs within the same networks into the MUCH more problematic conflict between all the PCs from different networks that are all using, say, 192.168.1.2.

I haven't been able to do the same in Vista yet, because Microsoft decided some day that tunnel mode is for routers and as such shouldn't be allowed behind NAT. They provided a Hotfix for that but I haven't been able to make it work.

For 7 I guess it's best to investigate IKEv2.

On Thu, Aug 26, 2010 at 10:27 PM, Diego Morales <[email protected]> wrote:
> Hello,
>
> I have a strongswan (+ xl2tpd) road-warrior setup for windows native
> L2TP/IPsec clients, using PSK (I know that's not quite recommended for
> security, but I prefer to stick to it for now).
>
> It works, except for the case of two+ clients with the same valid address,
> e.g. behind the same NAT device. The best thread I've found about it is this
> one:
>
> https://lists.strongswan.org/pipermail/users/2009-June/003481.html
>
> So the question is, does anybody know of a success case for a setup like this
> (multiple native windows XP/vista/7 clients behind nat on a strongswan
> server)?
>
> Thanks in advance,
>
> --
> Diego Morales
> Propus
> http://www.propus.com.br
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
