View Single Post
  #2   (View Single Post)  
Old 10th August 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,479

There may be secure alternatives to ftp which are easier to implement, test, inspect, and manage than IPSec: sftp, for example. ftp is a poor choice for file transfer, because userids, passwords are sent in the clear, as is the content.

For sftp, a commercial SSH client for Windows can be acquired, or, Putty's PSFTP may be used, or OpenSSH can be used under Cygwin.

AFAIK, the "snap in" does not work. There are some freeware alternatives, which implement IPSec policies without the snap-in:

Microsoft: downloadable ipseccmd.exe program -- I've never tried it, but I've read that it is possible to get IPSec working with it.

Draytek Smart VPN Client: I use this with several WXP desktops. It does not recover automatically after a timeout, so would not be appropriate for server use.

Shrew Soft's VPN Client for Windows: several other Daemonforums users like it, though, like MS's software, I've not used it.

Setting up IPSec on OpenBSD is fairly easy, it is even easier when both ends of your tunnel are OpenBSD. Google for "zero to ipsec in 4 minutes" for one simple example of the latter.
Reply With Quote