Hello All,

I just wanted to post a quick message here for any system admins that would like to use Linux as an IPSEC VPN Gateway but need to support the usual Win2K/XP clients. Here is a free product that may be of interest.

http://www.shrew.net/download

The VPN Client was designed to work with ipsec-tools + FreeBSD as the gateway but others such as NetBSD have been tested. Features include multiple XAuth user authentication modes, automatic client network configuration, remote network topology download, NAT Traversal, IKE fragmentation and transport pre-fragmentation (a la NetBSD 3.0). The latter three are useful for clients behind NAT devices or broken DSL/Cable routers that drop large or fragmented UDP packets.

Although this product was not tested with Linux, it should work with the Linux kernel ipsec stack. I was hoping someone could help me fill in the gaps in my Linux knowledge. I have heard NAT-T is supported, but what version of a kernel do you need for this? Also, do most distributions include ipsec-tools by default or are you required to download and compile the software manually?

Thanks,

-Matthew