[Openswan Users] Some information please
terrymason at hotmail.com
Wed Dec 21 09:37:08 CET 2005
Hello everyone - hopefully I'm posting in the correct place - this is my
first attempt at support.
I have inherited an openswan installation on my companies firewall. This
allows us to VPN into the company network (openswan is on Fedora 3, and the
clients are all windows xp). I personally have no experience with vpns, and
am trying to make some new certs. The existing certs/connections seem fine,
but any new certificates I create never work.
I have detailed instructions left from the previous admin - here is a rough
sketch of what I'm trying:
1. CA -newca
2. CA -sign
3. move the two files to /etc/ipsec.d/certs or private/username.device.xxx
4. openssl pkcs12 -export -in /etc/ipsec.d/certs/username.device.pem -inkey
So everything appears to work, and I get a fancy p12 file, and my
instructions tell me to install it on my windows clients. I've taken the
p12 file, and tried double clicking and installing it that way (appers to
work) but my windows client takes forever trying to make a connection, then
finally gives an error (error 729 I belive, but i'm at work now and can't
My instructions tell me not to auto install, but instead to go to the
personal folder (in my certificates mmc) and import directly to my personal
folder. When I do this, I get two certs in that folder - one with my
company name on it, and another with my name (this looks different from the
existing vpn laptops, which only have one cert - with the user's name on
Hopefully this is enough information to give you guys. I am still reading
and trying to understand what exactly is going on. I believe that I am
using openssl to generate some certificates, then private keys combined with
that certificate to access the network.
Another question - when creating a vpn connection, and dialing from the
windows client, am I supposed to enter my NT domain username / password into
the vpn box, or some other information (like the cert password)?
Thank you very much for your time!
Terry Mason Jr.
More information about the Users