[Openswan Users] ipsec/l2tp Windows (yes again)

Brian Candler B.Candler at pobox.com
Tue Apr 25 09:49:29 CEST 2006

On Mon, Apr 24, 2006 at 09:36:44PM -0700, Trevor Benson wrote:
> Oh and as for testing the PSK cert thing, when I attempted to set a PSK
> in the windows client previously the errors in the log were related to
> the certificate installed and not having a valid entry for it, so I
> ripped out the PSK and changed the secrets and the connection back to
> using the certificate I already had installed from linsys.  Not sure but
> it appears that if you have a certificate installed that the client
> doesn't bother to use the defined PSK? Go figure....

Windows uses whatever you tell it to. That is:
- XP: you can tick a box to use PSK, if you don't it'll use a cert
- 2K: will use a cert only, but you can set a registry setting not to
  apply any IPSEC policy at all for L2TP. Then you can manually add a
  PSK policy for that destination IP address.

(I'm assuming you're using the Microsoft built-in IPSEC stack and L2TP)



More information about the Users mailing list