[vpn-help] New 2.2.1 RC-2 Available ...

C.Hoffmann at ProSeS.de
Fri May 24 12:59:53 CDT 2013


Hi Matthew,

I would need to have a visible, dedicated NIC for Shrew (even better, one for each connection).
I then apply static routes in Windows 2003 (or 2008) RRAS to that NIC. That allows *any* PC on my network to use the connection, once established, as if it were a VPN routing device.

As an example, Cisco VPN creates a single virtual NIC as soon as its connection is established. But having it integrated into RRAS means that it closes the connection on each network change, which is any other RRAS connection change. And it only allows for one Cisco connection at any time.

Another example is OpenVPN, which needs at least one TAP/TUN adapter installed (choosing a free one on connect if there is more than one). But you can also bind a fixed one to OpenVPN configs. Again, those NICs are (reasonably) easy to establish routes on, even with RRAS.

I know this is a freaky design, but it is my way to handle folks forcing us to use restrictive or exotic VPN clients instead of our SSG.


Clemens


-----Original Message-----
From: Matthew Grooms [mailto:mgrooms at shrew.net] 
Sent: Friday, May 24, 2013 7:14 PM
To: Q
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] New 2.2.1 RC-2 Available ...

On 5/24/2013 6:39 AM, C.Hoffmann at ProSeS.de wrote:
> Hi Matthew,
>
> Tested the RC against Juniper SSG 6.3.0r13 with SHA-2 (256 bit) with
> success. Since r7 Juniper changed to RFC4868, and the 2.2.0 did not
> work (encrypted packets discarded by SSG for obvious reasons). Thanks
> for the great work!
>
>
> BTW, for use as Professional "Enterprise" Edition I would definitely
> need a routable network device, no virtual one. And multiple
> connections or multiple clients. I would be sooooo happy to replace
> the Cisco VPN Client used on a Windows OS Router to allow for
> centralized dial-in to customers ... I know this will not happen in
> the near future, but hope is the last (thing) to die :D.
>

Hi Clemens,

Thanks so much for the testing and feedback. With respect to your need 
for a "routable network device", can you elaborate on this a bit? Do you
mean that you need a network appliance that has the functionality of a 
VPN client, but will also route multiple clients from a private network 
through the VPN tunnel?

Thanks,

-Matthew



