[bdNOG] IPsec Vpn between windows 2008 server and linux server

Brian Candler brian at nsrc.org
Sun Aug 17 21:15:34 BDT 2014

On 14/08/2014 05:55, atanvir at banglaphone.net.bd wrote:
> Dear All,
> I want to established point to point  IPsec vpn  between windows 2008 
> server and linux server.
So, you have several options. Some of them depend on whether both 
machines have static IPs, or whether one of them is on a dynamic IP 
and/or behind NAT.

(1) Probably the simplest solution is to use OpenVPN. Install it on both 
ends, write a config file at both ends, and start it up.

With a pre-shared key you can have a very simple configuration:

(2) Another simple software solution you can look at is TINC

(3) If both ends are on static IPs and not behind NAT then you can use 
IPSEC Transport Mode to secure the connection. This requires installing 
a persistent policy at the Windows end, and an IPSEC policy at the Linux 
end (e.g. using racoon)

This is not for the faint hearted; and Microsoft kept changing the 
syntax for the commands to use, so it's different for XP / Windows 2000 
/ Windows 2003 etc. But you can google for it, and I can probably dig 
out old notes if needed.

(4) Another possible solution is L2TP over IPSEC Transport Mode, which 
will give you a virtual dial-up connection. But you will need to choose 
one end as "server" (fixed IP, L2TP Network Server) and the other end as 
"client" (dynamic IP, L2TP Access Concentrator) and the tools for doing 
this are pretty hairy.



More information about the nog mailing list