Windows 7
Windows 7 fully supports the IKEv2 (RFC 4306) and MOBIKE (RFC 4555) standards through Microsoft's Agile VPN functionality and is therefore able to interoperate with a strongSwan VPN gateway using these protocols. strongSwan currently can authenticate Windows 7 clients either on the basis of X.509 Machine Certificates using RSA signatures (case A) or Username/Password using EAP-MSCHAP v2 (case B).
Make sure to fulfill the certificate requirements to successfully authenticate peers with Windows 7.
A) Authentication using X.509 Machine Certificates
The strongSwan VPN gateway and each Windows 7 client need an X.509 certificate issued by a Certification Authority (CA). OpenSSL can be used to generate these certificates.

On the Windows 7 Client
- Storing a Windows 7 machine certificate
- Configuring a Windows 7 Agile VPN connection
- Starting a Windows 7 Agile VPN connection

On the strongSwan VPN Gateway
- Configuring strongSwan for a single Windows 7 client
- Configuring strongSwan for multiple Windows 7 clients
- strongSwan connection status and log information

B) Authentication using EAP-MSCHAP v2
In order to prevent man-in-the-middle attacks the strongSwan VPN gateway always authenticates itself with an X.509 certificate using a strong RSA signature. After a secure communications channel has been set up by the IKEv2 protocol, the Windows 7 clients authenticate themselves using the EAP-MSCHAPv2 protocol based on user name, optional Windows domain and user password.
The Windows 7 Beta client did not verify the certificate trust chain and therefore was prone to man-in-the-middle attacks. This issue has been fixed in the Release Candidate. Additionally, Microsoft added certificate checks to prevent arbitrary certificate holders from acting as a gateway.
EAP-MSCHAPv2 requires MD4 to generate the NT-Hashes, so either the MD4 plugin or one of the crypto library wrappers (OpenSSL, Gcrypt) is required.
Important: Microsoft's EAP-MSCHAPv2 implementation changed from Beta to Release Candidate. strongSwan up to 4.2.14 is compatible with the Beta version whereas the upcoming 4.3.1 release will be compatible with the Release Candidate.
On the Windows 7 Client
- Storing a Windows 7 CA certificate
- Configuring a Windows 7 Agile VPN connection
- Starting a Windows 7 Agile VPN connection

On the strongSwan VPN Gateway
- Configuring strongSwan for multiple Windows 7 clients
- strongSwan connection status and log information

Links
- Adrian Dimcev's blog provides valuable information on Agile VPN connections between Windows 7 Beta and Windows Server 2008 R2 Beta.
- MoPo users at the University of Freiburg can connect to a strongSwan VPN gateway using Windows 7 (in German).

Acknowledgements
Many thanks go to Edward Chang and Gleb Sechenov from the Information Security Institute (ISI) of the Queensland University of Technology (QUT) who provided the initial Windows 7 Beta and Ubuntu Linux test setup.