[Openswan Users] Re: Windows XP Roadwarrior (FreeSWAN 2.05 +
x509 patch): IPsecpolicy problem [--SOLVED--]
Nate Carlson
natecars at natecarlson.com
Mon Jun 21 11:04:51 CEST 2004
On Sun, 20 Jun 2004, Jeannot Langlois wrote:
> From...
> "C=CA,L=Amos,O=Actares Inc,OU=Security,CN=certificates,emailAddress=security at actares.com"
>
> To:
> "C=CA,L=Amos,O=Actares Inc,OU=Security,CN=certificates,E=security at actares.com"
>
> and it solved my problem. Indeed, it was a windows-side problem.
One kind-of easy way to make sure you've got the proper CA entry, taken
from my guide at http://www.natecarlson.com/linux/ipsec-x509.php#trouble:
- Load the IPSec MMC you created earlier
- Click IP Security Policies; double-click on the FreeSwan tunnel
- Double-click roadwarrior-Host filter
- Click on the 'Authentication Methods' tab
- Click 'Add', then 'Use a certificate from this CA'
- Click Browse, find your CA
- Copy/paste the text in the grayed-out box into your ipsec.conf
That'll give you the proper string for the CA as Windows understands it. I
did request at some point that Xelerance add this functionality to
certimport.exe (so when you import your certificate, it'll tell you the
proper CA string to use); not sure if they will be able to do that or not,
though. (Windows may not expose that in a way they can get at, etc.)
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list