
Why would I need to purchase IPSec client software?

May 12, 2005 5:34:07 PM

Archived from groups: comp.dcom.vpn

I'm looking into buying one of Netgear's Prosafe routers. They offer
VPN client software in addition to the routers
http://www.netgear.com/products/details/VPN01L_VPN05L.p....

Don't Win2k and XP come with IPsec client support? Would I need to
purchase the software in addition to the router to tunnel from a client
into the network served by the router? I'm asking not just for Windows
clients, but I'd also like to set up Linux IPSec clients as well.

Thanks.
Anonymous
May 12, 2005 8:42:49 PM


The Prosafe router is a VPN endpoint; what you need is an IPSEC
passthrough enabled router if you are going to have a VPN server
anyways. If the router is the endpoint, buy the client; it will make
your life much easier. XP's built-in does not work with the Prosafe
series.

On 12 May 2005 13:34:07 -0700, eel@javabox.com wrote:

>I'm looking into buying one of Netgear's Prosafe routers. They offer
>VPN client software in addition to the routers
>http://www.netgear.com/products/details/VPN01L_VPN05L.p....
>
>Don't Win2k and XP come with IPsec client support? Would I need to
>purchase the software in addition to the router to tunnel from a client
>into the network served by the router? I'm asking not just for Windows
>clients, but I'd also like to set up Linux IPSec clients as well.
>
>Thanks.
Anonymous
May 14, 2005 5:25:08 AM


eel@javabox.com writes:
>I'm looking into buying one of Netgear's Prosafe routers. They offer
>VPN client software in addition to the routers
>http://www.netgear.com/products/details/VPN01L_VPN05L.p....

>Don't Win2k and XP come with IPsec client support? Would I need to
>purchase the software in addition to the router to tunnel from a client
>into the network served by the router? I'm asking not just for Windows
>clients, but I'd also like to set up Linux IPSec clients as well.

Win2k and WinXP know about IPsec manual key, and L2TP over IPsec
manual key (or even PPP auth with L2TP), but they don't know anything
whatsoever about IKE keying with pre-shared secrets, or X.509 certificates.

Most people find entering in your SA and ESP associations and keys
all by hand and making sure they match quite a pain. Plus, of course,
that doesn't let you have any sort of re-keying or revocation other
than shutting down that SA (after you remember which SA is which).
Anonymous
May 14, 2005 7:47:58 AM


Doug McIntyre wrote:
> eel@javabox.com writes:
>
>>I'm looking into buying one of Netgear's Prosafe routers. They offer
>>VPN client software in addition to the routers
>>http://www.netgear.com/products/details/VPN01L_VPN05L.p....
>
>
>>Don't Win2k and XP come with IPsec client support? Would I need to
>>purchase the software in addition to the router to tunnel from a client
>>into the network served by the router? I'm asking not just for Windows
>>clients, but I'd also like to set up Linux IPSec clients as well.
>
>
> Win2k and WinXP know about IPsec manual key, and L2TP over IPsec
> manual key (or even PPP auth with L2TP), but they don't know anything
> whatsoever about IKE keying with pre-shared secrets, or X.509 certificates.
>
> Most people find entering in your SA and ESP associations and keys
> all by hand and making sure they match quite a pain. Plus, of course,
> that doesn't let you have any sort of re-keying or revocation other
> than shutting down that SA (after you remember which SA is which).

Windows IPSec is very ugly for dial-in client style functionality. It
was really designed for setting up a Windows server with local LAN using
IPSec, all controlled with group policy and a corporate certificate
authority.

It does work with certificates, though only in the LAN-style environment
as I mentioned. For most uses over the Internet it is inappropriate. I
have never bothered to do more than a lab implementation just to see how
ugly it was. The built-in L2TP method can work, but it has trouble with
NAT, so I have never been able to deploy it, though I could see where it
might be useful on a restricted basis.

So, yes, the Windows built-in IPSec support could likely be made to work
with the Netgear router, but it is so inflexible that it's not a
practical way to implement an IPSEC VPN connection to a desktop PC. You
don't require the client that Netgear sells; if you prefer to use
another vendor's IPSec client, you can probably make it work. I have
heard that support for this client software is not free from Netgear and
the documentation is not great, so you may be disappointed with that
experience too. I believe many people are using these routers to make
network-to-network connections using 2 routers more than the client
"dialing" into the router type of connection. If you are interested in
a solution that is good at making VPN gateway to client software
connections, then take a look at the Watchguard X line. They integrate
the router and the client software very nicely.


--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
May 26, 2005 11:21:10 PM


davidl@yourmama.com wrote:
> The Prosafe router is a VPN endpoint; what you need is an IPSEC
> passthrough enabled router if you are going to have a VPN server
> anyways. If the router is the endpoint, buy the client; it will make
> your life much easier. XP's built-in does not work with the Prosafe
> series.
>
> On 12 May 2005 13:34:07 -0700, eel@javabox.com wrote:
>
>
>>I'm looking into buying one of Netgear's Prosafe routers. They offer
>>VPN client software in addition to the routers
>>http://www.netgear.com/products/details/VPN01L_VPN05L.p....
>>
>>Don't Win2k and XP come with IPsec client support? Would I need to
>>purchase the software in addition to the router to tunnel from a client
>>into the network served by the router? I'm asking not just for Windows
>>clients, but I'd also like to set up Linux IPSec clients as well.
>>
>>Thanks.
>
>

We bought a D-Link DFL-200 VPN "endpoint" router. It works with the
Windows XP built-in VPN client (PPTP).

It also works with the GreenBow IPsec client (the only 3rd party client
that we tried).

A "side effect" of installing the GreenBow client is that when we use
the XP client, we can still browse the net (split-tunnel). Normally,
when VPN'ed with the XP client, you lose access to the net.

Note - we also looked into buying a Prosafe router, but Netgear didn't
answer our "20 VPN questions" email. D-Link did, so we bought from them
- and it works.

Ed