VPN Client and Machine Certificates for Unattanded VPN access

Discussion in 'Security Software' started by Mike Lanham-Hathaway, Sep 11, 2007.

  1. Hi There,

    I am looking for information on if it is possbile to get the MS VPN Client
    to use digital authentication certificates issued into the machine
    certificate store for establishing an IPsec VPN? I have a number of XP
    workstations acting as information kiosks that will require secure access to
    a network with no user intervention. I want to know if it is also posible to
    get XP to establish this VPN at boot time rather than have a user start this
    manually??

    Any help would be great.

    Mike
     
    Mike Lanham-Hathaway, Sep 11, 2007
    #1
    1. Advertisements

  2. Mike Lanham-Hathaway

    Brian Komar Guest

    You need to understand how the MS VPN client works. If you are planning on
    using IPSec, the client uses L2TP over IPSec, not pure IPSec.
    This means that the machine store is read for the IPSec authentication
    certificate. For the actual user authenticatoin of the VPN, the certificate
    must be in the user's store. Thus, you could not have the VPN launched
    automatically using a machine assigned certificate. The user would have to
    log on to do this or provide credential/certificate to do this

    Brian
     
    Brian Komar, Sep 11, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.