Hello,

I am looking into setting up a Windows-Client in tunnel mode, without using the standard VPN-client, with user/name password for (eap-authentication), a long the lines that I connect my strongswan-client in this post:

viewtopic.php?t=204321

As far as I can tell I won't be able to use the built in client-interface, without getting an IP from the responder.

Does anyone have any experience that can be shared on how to achieve this?

The following power-shell cmdlet, looks promissing:

https://learn.microsoft.com/en-us/power ... tipsecrule

In combination with this one:

https://learn.microsoft.com/en-us/power ... se2authset

But it seems unclear whether it can do eap-authentication.

if anyone have done a similar setup between windows servers, or clients, their input would be very welcome.

It might not be doable

Windows supports four distinct types of authentications: Kerberos, certificates, NTLMv2, and preshared key.

https://learn.microsoft.com/en-us/azure ... te-windows

This seems to be the Microsoft proprietary-protocol authip:

https://learn.microsoft.com/en-us/windo ... -is-authip

The Add-VpnConnection-commandlet seems promissing:


https://learn.microsoft.com/en-us/power ... connection

But configuring "plain tunnelmode" as in strongswan, doesn’t seem clear in any way.