Hello Guys,

Let me introduce myself real quick:

My name is Jan and I'm as Student as IT-Systems-Administrator.

My final project is about IPSec. I bought a couple of books explaining the
technical facts of IPSec, and one book, which gets into using freeswan and
openswan.

This is my setup:

(company network) ----[VPN-Gateway]-----(Internet)-----{Road warrio
r}

The road warriors are only running Windows 2000 and XP (Patched as of
today).

So what I want to do is give the road warrior an IP address from our company
network, so that they "become a part of the network".

So what I got out of my books is that I need to use l2tp over ipsec to have
a connection as described above.

So here comes my first question:

I know that ipsec is layer 3, and l2tp is layer 2 - but I know that there is
a way to connect using the ipsec stack in windows. I used markus mueller's
ipsec tool and got a working connection.

But is there also a way to make him "part of the network" and give him one
of the company's IP-addresses? I know of "DHCP over ipsec" but don't you
need a separate NIC for that?

Is the only good way to get that to work l2tp over ipsec?

So what I did I followed the instructions in my book and on the excellent
page (http://www.jacco2.dds.nl/networking/freeswan-l2tp.html). And I finally
got a connection using X509 Certs and Windows XP (sp2).

But when I use Windows 2000 (sp4) the l2tp connection worked but he doesn't
even try to authenticate with ipsec.

So what I would like to know is how does Windows know which certificate it
should use for the ipsec connection - in Windows XP everything works just
fine - but how?

I know this is a long e-mail and sorry for bothering you with my problems!

Thanks a lot for taking the time to read through this.

I know that I did not attach any config files and log files - I think that I
don't need to since I just got some universal questions.

Thanks guys,

Jan

[ Post a follow-up to this message ]