IPSec VPN set up (Windows)

Tags: ipsec, openbsd, vpn, windows-7

I am working on a project which needs to call a web service that can only be accessed whilst being connected via a VPN. The legacy platform that we're migrating from ran on OpenBSD and used the built-in IPSec tools to create the connection.

The following config is how the connection is established. Can anyone help me as to how I'd go about creating this VPN connection on a Windows 7 machine? I've been researching online but don't understand enough of the existing script to attempt creating the connection on Windows. I understand there used to be a tool called ipseccmd.exe which seems to have parameters that match some of these, but I don't think this is included in the later versions of Windows?

Here is the OpenBSD config extract: (I have the required IP addresses for the $variables etc.)

ike esp from $dev_server to $destination_lan peer $destination_peer \
        main auth hmac-md5 enc aes-256 group modp1024 \
        quick auth hmac-md5 enc aes-256 group modp1024 \
        psk "pre_shared_key_goes_here"


Best Answer

Use Windows Firewall's Connection Security Rules to configure IPsec on Windows 7.

Open the Start Menu, search for "Windows Firewall with Advanced Security". Open it. In the left-hand panel, right-click on "Windows Firewall with Advanced Security". Select "Properties". Open the tab labelled "IPsec Settings". Click on "Customize".

In the section labelled "Key exchange (Main Mode)", click "Customize".
Click "Add" and select "MD5" as the integrity algorithm, "AES-CBC 256" for the encryption algorithm, and "Diffie-Hellman Group 2" for the key exchange algorithm. Click "OK". Click "OK".

In the section labelled "Data protection (Quick Mode)", click "Customize".
Check "Require encryption for all connection security rules that use these settings".
Click "Add" and select "ESP", select "MD5" as the integrity algorithm, and select "AES-CBC 256" for the encryption algorithm.
Click "OK". Click "OK". Click "OK". Click "OK".

In the left-hand panel, right-click on "Connection Security Rules". Select "New Rule". Select "Tunnel". Click "Next>". Click "Next>". Click "Next>". Click "Add" and enter $dev_server. Click "OK". Click the upper "Edit" and enter $dev_server. Click on the lower "Edit" and enter $destination_peer. Click "Next>". Select "Advanced" and click "Customize". In the section labelled "First authentication", click "Add". Select "Preshared key". Enter the preshared key. Click "OK". Click "OK". Click "Next>". Click "Next>". Enter a name for the rule. Click "Finish".

EDIT: added steps to configure IPsec.
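The same configuration as a script, added here as an example and not part of the answer above: on Windows 7 the NetSecurity PowerShell cmdlets do not exist, so the GUI steps map onto `netsh advfirewall` instead. The addresses and key are constructed placeholders standing in for the $dev_server, $destination_lan, $destination_peer and psk values of the isakmpd config; the rule name is arbitrary, and the `netsh` parameter spellings are taken from the built-in help (`netsh advfirewall consec add rule ?`), which you should check against your own build before relying on them. It maps each isakmpd keyword onto its Windows counterpart: `main ... group modp1024` is Main Mode with Diffie-Hellman group 2, `quick ... group modp1024` is Quick Mode with PFS on group 2 (the GUI walkthrough does not enable PFS; the OpenBSD config does), and `esp ... auth hmac-md5 enc aes-256` is ESP with MD5 integrity and AES-CBC 256.

```batch
@echo off
rem Added example, not code from the original answer. Run from an elevated cmd.exe on Windows 7.
rem Placeholders (assumed values, replace with the real ones from the isakmpd config):
set DEV_SERVER=192.0.2.10
set DESTINATION_LAN=198.51.100.0/24
set DESTINATION_PEER=203.0.113.5
set PSK=pre_shared_key_goes_here

rem Main Mode (IKE phase 1) == "main auth hmac-md5 enc aes-256 group modp1024".
rem dhgroup2 is modp1024. MD5 and 1024-bit DH are weak by today's standards and are
rem used here only because the legacy OpenBSD peer is configured for them.
netsh advfirewall set global mainmode mmsecmethods dhgroup2:aes256-md5

rem Tunnel rule == "ike esp from $dev_server to $destination_lan peer $destination_peer".
rem endpoint1/endpoint2 are the protected addresses (the GUI's "Endpoint 1"/"Endpoint 2");
rem localtunnelendpoint/remotetunnelendpoint are the two IKE peers (the two "Edit" boxes).
rem qmsecmethods == "quick auth hmac-md5 enc aes-256" with the GUI's default key lifetime;
rem qmpfs=dhgroup2 == the "group modp1024" on the quick line.
netsh advfirewall consec add rule name="OpenBSD legacy tunnel" ^
    mode=tunnel ^
    endpoint1=%DEV_SERVER% endpoint2=%DESTINATION_LAN% ^
    localtunnelendpoint=%DEV_SERVER% remotetunnelendpoint=%DESTINATION_PEER% ^
    action=requireinrequireout ^
    auth1=computerpsk auth1psk="%PSK%" ^
    qmpfs=dhgroup2 ^
    qmsecmethods=esp:md5-aes256+60min+100000kb

rem Verify the rule, then (after sending traffic to the remote LAN) the negotiated SAs.
rem An empty mmsa listing means phase 1 never completed: check the PSK and the
rem Main Mode proposal first, since the peer rejects the proposal before the key is tested.
netsh advfirewall consec show rule name="OpenBSD legacy tunnel"
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

The two `monitor show` commands are the quickest way to tell which phase is failing: a Main Mode SA with no Quick Mode SA points at a phase 2 mismatch (ESP algorithms or PFS group), while no Main Mode SA at all points at the phase 1 proposal or the pre-shared key.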