Hi,
Can someone tell me if the following is doable? I'd like to be 
able to provide a transport mode connection to a single server for a pool of 
Windows Vista/7 road warriors - who may or may not be behind NAT depending on 
the day.

The end users are the roaming users for a customer of mine, and they're opposed 
to VPNs for complexity and maintenance reasons - however I have a need to 
provide secure access to applications running on a server I host for them. I 
had hoped to use the Windows Firewall connection profiles to start a tunnel 
mode connection, which to the end user would be essentially transparent and 
hopefully negate some of the pushback against VPNs.

All the strongSwan documentation seems to refer to tunnel mode, and the Windows 
examples in particular seem to hard-code endpoint IP addresses - I don't think 
that's going to work for roaming users.

For my lab setup I've been attempting to start a connection using preshared 
keys, but I can't get past "initial Main Mode message received on 
203.89.x.x:500 but no connection has been authorized with policy=PSK" in the 
pluto logs.

My ipsec.conf is pretty simple:

conn winclient
    type=transport
    left=%defaultroute
    right=%any
    authby=secret
    pfs=no
    auto=add

Can anyone provide assistance with this setup?

Many thanks.

Tristan


Tristan Ball - Hosted Services Manager VIC
Pronto Hosted Services

_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
