[Openswan Users] doubt about authentication

Jacco de Leeuw jacco2 at dds.nl
Fri Apr 1 19:07:16 CEST 2005

Trevor Hennion wrote:

> On Friday 01 Apr 2005 15:07, rodrigo nobrega wrote:
>>Im find a way to use User/Pass to open tunnel between
>>XP client and Debian/openswan server.
>>im using x.509 certif.
>>im looking informations about Smartcards/usb crypto to
>>use on winxp side, l2tp/ipsec (im whating v 2.3.1) or
>>any other solution.
> Try http://www.strongswan.org/

In this case switching to Strongswan won't help, if Rodrigo wants
to use L2TP/IPsec with the built-in Windows client. That is because
Microsoft distinguishes between 'machine certificates' and 'user
certificates'. A machine certificate is used for IPsec and cannot
be installed on a smartcard or token (as far as I know). The user
certificate is used in the PPP phase when EAP authentication is

So Rodrigo needs a PPP server with EAP support (or a PPP server
that can authenticate against a RADIUS server through EAP-TLS).
Or switch to a third-party IPsec client with smartcard support.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list