Shrew is a VPN client that is easy to configure. It lets you build IPsec tunnels from Windows or Linux distributions.
You can download the software for free from this site.
What we want to achieve:
Client_1 and Client_2 have to build an IPsec tunnel to the MikroTik router. All traffic to the LAN 192.168.0.0/24 has to pass through the tunnel, but both clients should still be able to surf the Internet. Authentication is done with certificates, and the clients receive an IP address from the VPN pool.
For any certificate issues, please go there.
For any router configuration issue, please go there.
As the installation is easy, we skip it.
Please run the software as Administrator. This is required to create the virtual network interface.
After creating a new connection, we can start the configuration:
Remote Host has to be an IP address or a domain name (if DDNS is used).
Adapter Mode is set to create a virtual adapter. The IP address is received from the router where the pool is configured.
Enable NAT-T (client1) or leave it disabled (client2).
Whether or not to use IKE Fragmentation is up to you. Just keep in mind that it can open vulnerabilities.
The rest can be left at the defaults.
We use certificates to authenticate the client and the server (Mutual RSA). Local Identity and Remote Identity are configured in the same way. For more information
We specify which certificates to use :
We have :
Public CA certificate
Public client certificate
Secret client key
The Pre Shared Key is not used in our configuration.
We now specify which protocols to use for ISAKMP phase 1 and 2:
They have to match the router’s proposals.
We finish with the routing/topology part :
As the split is already configured on the router, we can tell the software to get the configuration Automatically
We can now relaunch the software to be sure that all parameters are taken into account.
After the connection is established:
The IP address assigned to the virtual interface is 192.168.10.254.
We are able to ping the Rasp 192.168.0.15 in the LAN.
I have no pictures to prove it, but surfing works for sure!
Name resolution is not used as I am still facing an issue. I am not able to access SMB shares through the VPN. If someone has an idea to allow broadcast packets …
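One way to check the split once the tunnel is up, as an added example that is not part of the original article: it applies longest-prefix matching to a routing table and reports any LAN traffic that would leave outside the tunnel, or Internet traffic that would be pulled into it. The routing table rows, the interface names and the 192.168.1.0/24 home network are constructed assumptions; 192.168.0.0/24, 192.168.0.15 and 192.168.10.254 come from the article.

```python
import ipaddress

# Constructed sample: simplified routing table of a connected client.
# Interface names and the 192.168.1.x home network are assumptions.
SAMPLE_ROUTES = [
    # (destination network, gateway, interface)
    ("0.0.0.0/0",         "192.168.1.1",    "physical"),
    ("192.168.1.0/24",    "on-link",        "physical"),
    ("192.168.0.0/24",    "192.168.10.254", "shrew-virtual"),
    ("192.168.10.254/32", "on-link",        "shrew-virtual"),
]

def parse_routes(rows):
    """Turn (cidr, gateway, interface) rows into ip_network-based routes."""
    return [(ipaddress.ip_network(cidr), gw, iface) for cidr, gw, iface in rows]

def select_route(routes, destination):
    """Longest-prefix match, as the OS does when picking a route."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)

def check_split_tunnel(routes, tunnel_iface, protected_net, probes):
    """Return a list of findings; an empty list means the split is as intended."""
    protected = ipaddress.ip_network(protected_net)
    findings = []
    for probe in probes:
        route = select_route(routes, probe)
        if route is None:
            findings.append(f"{probe}: no route")
            continue
        via_tunnel = route[2] == tunnel_iface
        should_tunnel = ipaddress.ip_address(probe) in protected
        if should_tunnel and not via_tunnel:
            findings.append(f"{probe}: LAN traffic leaves via {route[2]} (outside the tunnel)")
        elif via_tunnel and not should_tunnel:
            findings.append(f"{probe}: non-LAN traffic is sent into the tunnel")
    return findings

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # 192.168.0.15 is the Rasp from the article; 203.0.113.10 is a documentation address.
    probes = ["192.168.0.15", "203.0.113.10"]
    for line in check_split_tunnel(routes, "shrew-virtual", "192.168.0.0/24", probes) or ["split tunnel OK"]:
        print(line)
```

To use it on a real client, replace SAMPLE_ROUTES with rows taken from the client's own routing table while the tunnel is connected.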
In case of issues:
Shrew offers several powerful debugging tools: VPN Trace Utility.
Happy clicking, everyone,