IPSec VPN set up (Windows)

windows-7 vpn ipsec openbsd

Solution 1:

Use Windows Firewall's Connection Security Rules to configure IPsec on Windows 7.

Open the Start Menu, search for "Windows Firewall with Advanced Security". Open it. In the left-hand panel, right-click on "Windows Firewall with Advanced Security". Select "Properties". Open the tab labelled "IPsec Settings". Click on "Customize".

In the section labelled "Key exchange (Main Mode)", click "Customize".
Click "Add" and select "MD5" as the integrity algorithm, "AES-CBC 256" for the encryption algorithm, and "Diffie-Hellman Group 2" for the key exchange algorithm. Click "OK". Click "OK".

In the section labelled "Data protection (Quick Mode)", click "Customize".
Check "Require encryption for all connection security rules that use these settings".
Click "Add" and select "ESP", select "MD5" as the integrity algorithm, and select "AES-CBC 256" for the encryption algorithm.
Click "OK". Click "OK". Click "OK". Click "OK".

In the left-hand panel, right-click on "Connection Security Rules". Select "New Rule" Select "Tunnel". Click "Next>". Click "Next>". Click "Next>". Click "Add" and enter $dev_server. Click "OK". Click the upper "Edit" and enter $dev_server. Click on the lower "Edit" and enter $destination_peer. Click "Next>". Select "Advanced" and click "Customize". In the section labelled "First authentication", click "Add". Select "Preshared key". Enter the preshared key. Click "OK". Click "OK". Click "Next>". Click "Next>". Enter a name for the rule. Click "Finish"

EDIT: added steps to configure IPsec.

Solution 2:

alternately, use netsh advfirewall consec add rule from the command line. You get some useful help text when you type just that.

Note that you need the "advanced firewall" that comes with windows 7 professional (I think) and enterprise (I'm sure). I don't think it is part of the "home" edition.

It's a complicated topic, and the answer is going to depend on how the other end of your tunnel is configured. I'm not familiar with OpenBSD's ipsec implementation, but my guess is that you need to do "lan-to-lan" mode on windows, even though one of your endpoints is not a LAN, it's just a single machine. (technically, i guess it's a /32 LAN with one member :)

Related

linux/solaris kill many proccess with one command
Redmine served via Apache / Unicorn
Passing Client IP across Multiple Proxies
Dual delivery Google Apps and Postifx (server reject mail from my domain on google)
Syslog-ng duplicate log lines
Forward wildcard subdomain to same subdomain on different domain
Network In greater than Network Out?
Linux: limit specific port rate by combining tc with iptables does not work as expected
MySQL HA Solutions
How do I connect to my libvirt/qemu/guests ? (with no ip address)
VPN into multiple LAN Subnets
Nginx shared directives