T
T
Tarakanator2021-12-14 13:22:42
Windows
Tarakanator, 2021-12-14 13:22:42

Advise ipsec IKEv2 client for windows?

I need VPN for mikrotik. And as a self-education, I wanted to make a secure VPN.
in terms of performance, only ipsec and wireguard are suitable. But wireguard is in beta, so ipsec.
I picked up linux-microtik and android-mikrotik, but I couldn’t cope with windows-mikrotik.
Google on request ipsec windows gives out only about setting up a native client. I did not manage to make a request so that it issues third-party ipsec clients.
The native windows client does not support the most secure encryption methods.
I found a forticlient, it already can do almost everything, only dh group 21 can't Well, I want something open source, otherwise who knows what this forticlient has.

Answer the question

In order to leave comments, you need to log in

5 answer(s)
K
korsar182, 2021-12-14
@korsar182

Which encryption methods are the most secure for you?
Windows supports aes256 and sha2 out of the box, you can configure anything you want with Set-VpnConnectionIPsecConfiguration.

C
CityCat4, 2021-12-14
@CityCat4

The native windows client does not support the most secure encryption methods.

What? AES256-CBC not too secure for you? Well, good, what is a "secure encryption method" for you?
For Windows, there are no IPSec clients - neither paid nor free. Forticlient will not work - he works exclusively with his equipment. Once upon a time there were ZyWall, The GreenBow, ShrewSoft - but they were all terribly crooked and therefore apparently died.
On the contrary, a standard user needs to have sparks.
A "secure VPN" doesn't happen in a vacuum. First, determine what it is for. For standard use - access to the corporate network from the point of departure on a business trip or from home when working on remote control of the built-in overdofig screw client, even though PFS has to be turned off there - otherwise the key update does not work, it will work for an hour - and freezes.
Of course, this all works only with certificates, no passwords there.

A
Alexander Karabanov, 2021-12-14
@karabanov

Do-it-yourself MikroTik IKE2 VPN
Nikita 's telegram channel has more recent versions of this manual.

G
Gregory, 2021-12-15
@Maxlinus

try https://www.softether.org/
SoftEther VPN Client
https://github.com/SoftEtherVPN/SoftEtherVPN_Stabl...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question