I set up OpenVPN for this. The gateway server also produces a zip file with
the following files: username.crt username.key username.ovpn ca.crt readme.txt
In the username.ovpn I substitute the username for every user.
The server generates these zip files with a script and copies them to a file server where each user has his private folder (shared via Samba to their laptop).
The server runs this script every week to generate keys which are valid for a month.
(In case a laptop gets lost, it is relatively harmless, but you can of course add a password to the username.key.)
All a user has to do is extract the zip file into the correct directory on his laptop, but maybe it is even possible to script this in Windows somehow.
The installation in Windows is very easy, I was told.
About IPsec: I know it is possible, but there are some limitations for the network, since not everything can survive NAT, while OpenVPN can even be used via an HTTP proxy (or UDP or TCP).
regards
tlowk
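
A sketch of the kind of weekly bundle script described in the post above, as an added example that is not the poster's own script. It assumes the `openssl` CLI is on the PATH; the `.ovpn` template contents, the `vpn.example.org` remote, the username pattern and the `<share_root>/<user>/` layout are placeholders chosen for illustration.

```python
import os, pathlib, re, subprocess, tempfile, zipfile

# Constructed template; the remote host and options are placeholders.
OVPN_TEMPLATE = """client
dev tun
proto udp
remote vpn.example.org 1194
ca ca.crt
cert {user}.crt
key {user}.key
remote-cert-tls server
"""

def openssl(*args):
    """Run the openssl CLI and raise on any non-zero exit."""
    return subprocess.run(["openssl", *map(str, args)], check=True,
                          capture_output=True, text=True)

def make_bundle(user, ca_crt, ca_key, share_root, days=31):
    """Issue a short-lived client cert and zip it into <share_root>/<user>/."""
    # The name ends up in file names and in the .ovpn text, so restrict it.
    if not re.fullmatch(r"[a-z][a-z0-9_-]{0,31}", user):
        raise ValueError(f"refusing unsafe username: {user!r}")
    with tempfile.TemporaryDirectory() as tmp:
        t = pathlib.Path(tmp)
        key, csr, crt = t / f"{user}.key", t / "req.csr", t / f"{user}.crt"
        openssl("req", "-new", "-newkey", "rsa:2048", "-nodes",
                "-keyout", key, "-out", csr, "-subj", f"/CN={user}")
        # -days bounds how long the key from a lost laptop stays usable.
        openssl("x509", "-req", "-in", csr, "-CA", ca_crt, "-CAkey", ca_key,
                "-CAserial", t / "ca.srl", "-CAcreateserial",
                "-days", days, "-out", crt)
        files = {
            f"{user}.crt": crt.read_bytes(),
            f"{user}.key": key.read_bytes(),
            f"{user}.ovpn": OVPN_TEMPLATE.format(user=user).encode(),
            "ca.crt": pathlib.Path(ca_crt).read_bytes(),
            "readme.txt": b"Extract all files into the OpenVPN config directory.\n",
        }
    dest = pathlib.Path(share_root) / user
    dest.mkdir(parents=True, exist_ok=True)
    out = dest / f"{user}.zip"
    # A newly created zip is owner-only: it holds an unencrypted private key.
    fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh, zipfile.ZipFile(fh, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return out
```

Because the certificate lifetime is the only thing limiting a lost key here, revoking the certificate on the server is still the faster response when a laptop is reported missing.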