StrongSWAN L2TP IPSec VPN with PSK and DynDNS configuration
I'm trying to set up a VPN server with StrongSWAN on Kubuntu 12.04. This should be used only as a fileserver and provide different clients with changing IP addresses (DSL) access to samba shares. The server (intern IP 192.168.178.2) is behind a NAT router (Fritz!Box FON WLAN 7390, intern IP 192.168.178.1) which also connects via DSL to the internet. DynDNS is configured on the router. It should work with preshared keys. The clients are mostly Win7 or WinXP, installation of additional software should be avoid. It would be neccesary that after a succesfull connection the server and all the clients are able to see each other in the Windows network enviroment. The clients and the server should get IP addresses in an own subnet (192.168.100.0/24). There are many instructions about StrongSWAN in the internet, but only for certificates or fixed IPs. If there's anyone who has such a configuration working or knows a website where this is explained exactly I would be thankful for a little bit help.
Hope for some answers.
Here is a link, unfortunately in German language!But the config file is in english. May be you can try google translate to understand further.
Thanks for your reply. Translation into german isn't a problem for me. But as I know you have to install the software "FRITZ!Box-Fernzugang" on client side to make it work. I'm looking for a solution without installing any software on the client (especially Win7). Maybe you know a way how to configure a connection with Windows onboard tools to a FRITZ!-VPN?
Sadly, I don't know any way to connect to a Fritzbox without the client software. What I can find in Internet that a few people have been successful connection to Fritzbox without using the client. The other possibility is with Shrew Soft VPN Connect.
If I have understood your situation correctly, I don't see any possible solution that can satisfy all your requirements. As for the strongswan there is no way to escape using certificates. Because the connecting user authenticates using Username/Password using MSCHAPv2, but the gateway needs to be authenticated in advance using Certificates.
For assigning static IP to the clients you may use ipsec pool tool:
I guess you need to come to a compromise for a possible solution. If you don't want to get into vpn stuffs, you can also think of creating a NAS server and sharing it securely for the user or may be this is also interesting:
|All times are GMT -5. The time now is 11:08 PM.|