[Openswan Users] doubt about authentication
Jacco de Leeuw
jacco2 at dds.nl
Fri Apr 1 19:07:16 CEST 2005
Trevor Hennion wrote:
> On Friday 01 Apr 2005 15:07, rodrigo nobrega wrote:
>
>>I'm trying to find a way to use User/Pass to open a tunnel between
>>an XP client and a Debian/openswan server.
>>
>>I'm using x.509 certif.
>>
>>I'm looking for information about Smartcards/usb crypto to
>>use on the winxp side, l2tp/ipsec (I'm waiting for v 2.3.1) or
>>any other solution.
>
> Try http://www.strongswan.org/

In this case switching to Strongswan won't help, if Rodrigo wants
to use L2TP/IPsec with the built-in Windows client. That is because
Microsoft distinguishes between 'machine certificates' and 'user
certificates'. A machine certificate is used for IPsec and cannot
be installed on a smartcard or token (as far as I know). The user
certificate is used in the PPP phase when EAP authentication is
selected.

So Rodrigo needs a PPP server with EAP support (or a PPP server
that can authenticate against a RADIUS server through EAP-TLS).
Or switch to a third-party IPsec client with smartcard support.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl