[Openswan Users] Question: OpenSWan + L2TP with Win clients (certificate problems)

Damir Dezeljin programing at mbss.org
Wed Nov 3 10:40:58 CET 2004


Hi.


I set up a VPN GW for my Win2k/XP road warriors using MS IPSec/L2TP
client.

The setup is now working. Unfortunately I encountered a problem:
I set up two such VPN configurations on two different organizations.
Because of this I had to set up two independent CAs and of course I
imported both certificates in my WinXP certificate store (one for each VPN
GW).

Unfortunately I encountered a problem because of those two certificates.
I found out that Windows is trying to use the last imported certificate
(the new one) for both connections regardless of the CA of the VPN server. Of
course this allows me to connect to only one VPN gateway.

Does anyone know how I can specify that a specified certificate should be
used for a certain connection with the MS client? Is there a way to do it in
MMC or even better by adding some additional line in the certificate?
If I have to hack with MMC I should prefer to define such an IPSec policy
that it will be used ONLY when using RAS to dial to the VPN GW.

Any suggestion?

Thanks and best regards,
Dezo


