[Openswan Users] Win98 l2tp INVALID_CERTIFICATE x509

Robert W. Burgholzer rburgholzer at maptech-inc.com
Mon Jul 12 19:47:11 CEST 2004 

Hello,
I am trying to use msl2tp.exe on a windows 98 machine to connect to a 
road-warrior linux freeswan 2.04. The linux server gateway is successfully 
serving a static subnet-to-subnet vpn with another linux server, and 2 
road-warrior win XP clients (both behind NAT cable modems).

The x509 certificates were generated with the same procedure as before, and 
the l2tp set up was done according to the docs at: 
http://www.jacco2.dds.nl/networking/msl2tp.html .  The connection is 
initiated, but fails. The messages that look strange to me are "crl update 
is overdue since..." and of course, "INVALID_CERTIFICATE".  I should note 
that my other connections, that are still functioning also complain of an 
overdue crl, but they still function (and if anyone knows how to solve 
that, it would be welcome too) I get the following in my secure log when 
trying to establish (x.y.z.w is subbed for my clients IP):

Jul 12 18:30:55 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w#6: received 
Vendor ID Payload; ASCII hash: 
G;gI\023q|\0234fP[V\134he\001\002\001\001\002\001\001\003\0208.1.0 (Build 10)
Jul 12 18:30:55 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: received 
Vendor ID Payload; ASCII hash: 0%[R\020b9e=DAF*5)6
Jul 12 18:30:55 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: received 
Vendor ID Payload; ASCII hash: Z\016\023x
Jul 12 18:30:55 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: received 
Vendor ID Payload; ASCII hash: \011
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: ignoring 
informational payload, type IPSEC_INITIAL_CONTACT
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: Peer ID 
is ID_DER_ASN1_DN: 'C=US, ST=Virginia, L=Christiansburg, O=MapTech 
Incorporated, OU=Field Services, CN=annex, E=rburgholzer at maptech-inc.com'
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: crl 
update is overdue since May 15 15:17:16 UTC 2004
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: crl 
update is overdue since May 15 15:17:16 UTC 2004
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: sent MR3, 
ISAKMP SA established
Jul 12 18:30:56 www2 pluto[32439]: "maptech-annex"[4] x.y.z.w #6: ignoring 
informational payload, type INVALID_CERTIFICATE

Thanks in advance,
r.b.



Robert Burgholzer
Environmental Engineer
MapTech Inc.
http://www.maptech-inc.com/

More information about the Users mailing list