[Openswan Users] Openswan 1.0.3 and Win2k or WinXP with X.509
Nate Carlson
natecars at natecarlson.com
Thu May 13 11:22:34 CEST 2004
On Thu, 13 May 2004, Trevor Benson wrote:
> Does anyone have multiple Openswan vpn systems with x.509 being used
> from Microsoft roadwarriors? I assume that the cert for each tunnel is
> negotiated from the list of personal certs based on the CA and host you
> connect to? Or does anyone know of any issues with using multiple certs
> on 2k or XP.

Are you using ipsec.exe, or l2tp over ipsec?

If ipsec.exe, the certificate to use is determined by the ca= entry --
it'll grab a cert from your store that was signed by that CA, and present
it to the remote side. Not sure what happens if you have multiple certs
from that CA - never tried it.

If l2tp over ipsec, Windows just seems to grab the first cert in your
personal store, in my experience. It doesn't seem to work properly if
you've got multiple certs, and the first one isn't the one you want to
use. :( (If anyone's been able to get it to work with multiple certs,
let me know!)
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------