Answer the question
In order to leave comments, you need to log in
T
T
Tarakanator2021-12-14 13:22:42
Tarakanator, 2021-12-14 13:22:42
Advise ipsec IKEv2 client for windows?
I need VPN for mikrotik. And as a self-education, I wanted to make a secure VPN.
in terms of performance, only ipsec and wireguard are suitable. But wireguard is in beta, so ipsec.
I picked up linux-microtik and android-mikrotik, but I couldn’t cope with windows-mikrotik.
Google on request ipsec windows gives out only about setting up a native client. I did not manage to make a request so that it issues third-party ipsec clients.
The native windows client does not support the most secure encryption methods.
I found a forticlient, it already can do almost everything, only dh group 21 can't Well, I want something open source, otherwise who knows what this forticlient has.
5 answer(s)
@korsar182
@CityCat4
What? AES256-CBC not too secure for you? Well, good, what is a "secure encryption method" for you?
For Windows, there are no IPSec clients - neither paid nor free. Forticlient will not work - he works exclusively with his equipment. Once upon a time there were ZyWall, The GreenBow, ShrewSoft - but they were all terribly crooked and therefore apparently died.
On the contrary, a standard user needs to have sparks.
A "secure VPN" doesn't happen in a vacuum. First, determine what it is for. For standard use - access to the corporate network from the point of departure on a business trip or from home when working on remote control of the built-in overdofig screw client, even though PFS has to be turned off there - otherwise the key update does not work, it will work for an hour - and freezes.
Of course, this all works only with certificates, no passwords there.
@karabanov
K
korsar182, 2021-12-14 @korsar182
Which encryption methods are the most secure for you?
Windows supports aes256 and sha2 out of the box, you can configure anything you want with Set-VpnConnectionIPsecConfiguration.
C
CityCat4, 2021-12-14 @CityCat4
The native windows client does not support the most secure encryption methods.
What? AES256-CBC not too secure for you? Well, good, what is a "secure encryption method" for you?
For Windows, there are no IPSec clients - neither paid nor free. Forticlient will not work - he works exclusively with his equipment. Once upon a time there were ZyWall, The GreenBow, ShrewSoft - but they were all terribly crooked and therefore apparently died.
On the contrary, a standard user needs to have sparks.
A "secure VPN" doesn't happen in a vacuum. First, determine what it is for. For standard use - access to the corporate network from the point of departure on a business trip or from home when working on remote control of the built-in overdofig screw client, even though PFS has to be turned off there - otherwise the key update does not work, it will work for an hour - and freezes.
Of course, this all works only with certificates, no passwords there.
A
Alexander Karabanov, 2021-12-14 @karabanov
Do-it-yourself MikroTik IKE2 VPN
Nikita
's telegram channel has more recent versions of this manual.
Similar questions
D
P
pinguine2017-06-06 17:14:53
Is there any way to check the existence of a city programmatically?
3Reply
V
K
Z
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question