Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 640 — #666
i
i
i
i
i
i
i
i
Exporting a Windows Configuration File
On the server, start the ‘VPN’ YaST module in the YaST control center
under the heading ‘Security and Users’. In the overview (Figure 26.5 on
page 635), click ‘Connections’ then select the required server connection in
the connection overview. After you select ‘Experts...’ ➝ ‘Export’ ➝ ‘Win-
dows’, select the storage location for the windows_ipsec.conf file,
which must be transferred to the Windows client. This file is a suggestion
for a Windows client and its details may need to be adapted.
Preparing Windows
You can set up the IPsec connection manually, which requires
ipseccmd.exe (Windows XP) or ipsecpol.exe (Windows 2000). These
should be included in your Windows installation. In the case of Win-
dows XP, execute support\tools\setup.exe on the installation CD
(complete installation). However, these programs are command line–based,
making them quite difficult to use. You can also configure the connection
by means of MMC (Microsoft Management Console), however, this is not
particularly intuitive. Instead, it is recommended to use the ipsec.exe
tool, which does the main work of configuring the IPsec connection under
Windows XP or Windows 2000 for you.
Download this tool onto your computer from http://vpn.ebootis.
de/package.zip and decompress the contents, for example, under
C:\Programs\IPsec\. At this point, our thanks go to the author,
marcus@ebootis.de.
If you use Windows 2000, first load at least ServicePack2, so Windows
2000 can also handle 3DES encryption. Otherwise, a connection to Win-
dows 2000 cannot be made. ServicePack2 is available at http://www.
microsoft.com/windows2000/downloads/servicepacks/
sp2/sp2lang.asp. In the case of Windows 2000, you also need
ipsecpol.exe, which can be found in the resource kit at http://
agent.microsoft.com/windows2000/techinfo/reskit/tools/
existing/ipsecpol-o.asp.
640 26.2. VPN with SUSE LINUX