[Openswan Users] ipsec/l2tp Windows (yes again)
Brian Candler
B.Candler at pobox.com
Tue Apr 25 09:49:29 CEST 2006
On Mon, Apr 24, 2006 at 09:36:44PM -0700, Trevor Benson wrote:
> Oh and as for testing the PSK cert thing, when I attempted to set a PSK
> in the windows client previously the errors in the log were related to
> the certificate installed and not having a valid entry for it, so I
> ripped out the PSK and changed the secrets and the connection back to
> using the certificate I already had installed from linsys. Not sure but
> it appears that if you have a certificate installed that the client
> doesn't bother to use the defined PSK? Go figure....
Windows uses whatever you tell it to. That is:
- XP: you can tick a box to use PSK, if you don't it'll use a cert
- 2K: will use a cert only, but you can set a registry setting not to
apply any IPSEC policy at all for L2TP. Then you can manually add a
PSK policy for that destination IP address.
(I'm assuming you're using the Microsoft built-in IPSEC stack and L2TP)
Regards,
Brian.
More information about the Users
mailing list