IPsec tunnel to non-Microsoft computer using IKEv2

  • Question

  • I want to programmatically set up an IPsec tunnel from a Windows 7 machine to a non-Microsoft machine using IKEv2 (because the non-Microsoft machine is running an open source IKEv2 implementation). I want the Windows 7 machine to supply the certificate in a smart card (in a smart card reader attached to the Windows 7 machine) for authentication in the IKEv2 exchange.

    I've looked at the Windows Firewall with Advanced Security snap-in, which appears to be the interface for establishing IPsec connections for Windows 7 (right?). I didn't see a way to supply the smart card certificate. The "Select a Certificate" dialog seems to be asking for a root certificate to be used in verifying the certificate the other side sends. And I didn't see a way to specify to use IKEv2 (with no AuthIP extensions).

    I searched for APIs that give more fine-grained control over the IPsec connection setup. All I could find was the Windows Filtering Platform (WFP) APIs, which don't appear to address my problem of selecting the smart card certificate or limiting connection establishment to IKEv2.

    I'd appreciate advice and pointers to further information.


    Thursday, June 9, 2011 6:17 PM

All replies