[Openswan Users] Re: Windows XP Roadwarrior (FreeSWAN 2.05 + x509 patch): IPsecpolicy problem [--SOLVED--]

Nate Carlson natecars at natecarlson.com
Mon Jun 21 11:04:51 CEST 2004


On Sun, 20 Jun 2004, Jeannot Langlois wrote:
> From...
> "C=CA,L=Amos,O=Actares Inc,OU=Security,CN=certificates,emailAddress=security at actares.com"
> 
> To:
> "C=CA,L=Amos,O=Actares Inc,OU=Security,CN=certificates,E=security at actares.com"
> 
> and it solved my problem.  Indeed, it was a windows-side problem.

One kind-of easy way to make sure you've got the proper CA entry, taken 
from my guide at http://www.natecarlson.com/linux/ipsec-x509.php#trouble:

- Load the IPSec MMC you created earlier
- Click IP Security Policies; double-click on the FreeSwan tunnel
- Double-click roadwarrior-Host filter
- Click on the 'Authentication Methods' tab
- Click 'Add', then 'Use a certificate from this CA'
- Click Browse, find your CA
- Copy/paste the text in the grayed-out box into your ipsec.conf

That'll give you the proper string for the CA as Windows understands it. I
did request at some point that Xelerance add this functionality to
certimport.exe (so when you import your certificate, it'll tell you the
proper CA string to use); not sure if they will be able to do that or not,
though. (Windows may not expose that in a way they can get at, etc.)

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------


More information about the Users mailing list