Hi Matthew,

I would need to have a visible, dedicated NIC for Shrew (even better, one for 
each connection).
I then apply static routes in Windows 2003 (or 2008) RRAS to that NIC. That 
allows *any* PC on my network to use the connection, once established, as if it 
were a VPN routing device.

As an example, Cisco VPN creates a single virtual NIC as soon as its connection is 
established. But having it integrated into RRAS means that it closes the 
connection on each network change, which is any other RRAS connection change. 
And it only allows for one Cisco connection at any time.

Another example is OpenVPN, which needs at least one TAP/TUN adapter installed 
(choosing a free one if there are more than one on connect). But you can also 
bind a fixed one to OpenVPN configs. Again, those NICs are (reasonably) easy to 
establish routes on, even with RRAS.

I know this is a freaky design, but it is my way to handle folks forcing us to use 
restrictive or exotic VPN clients instead of our SSG.


Clemens


-----Original Message-----
From: Matthew Grooms [mailto:[email protected]] 
Sent: Friday, May 24, 2013 7:14 PM
To: Q
Cc: [email protected]
Subject: Re: [vpn-help] New 2.2.1 RC-2 Available ...

On 5/24/2013 6:39 AM, [email protected] wrote:
> Hi Matthew,
>
> Tested the RC against Juniper SSG 6.3.0r13 with SHA-2 (256 bit) with
> success. Since r7 Juniper changed to RFC4868, and the 2.2.0 did not
> work (encrypted packets discarded by SSG for obvious reasons). Thanks
> for the great work!
>
>
> BTW, for use as Professional "Enterprise" Edition I would definitely
> need a routable network device, no virtual one. And multiple
> connections or multiple clients. I would be sooooo happy to replace
> the Cisco VPN Client used on a Windows OS Router to allow for
> centralized dial-in to customers ... I know this will not happen in
> the near future, but hope is the last (thing) to die :D.
>

Hi Clemens,

Thanks so much for the testing and feedback. With respect to your need 
for a "routable network device", can you elaborate on this a bit? Do you 
mean that you need a network appliance that has the functionality of a 
VPN client, but will also route multiple clients from a private network 
through the VPN tunnel?

Thanks,

-Matthew


_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
