[Openswan Users] Testing of openswan-Do we need a certificate

Paul Wouters paul at xelerance.com
Tue May 16 08:26:36 CEST 2006

On Tue, 16 May 2006, karthik.ramanathan at wipro.com wrote:

> In Windows 2000 I gave the secpol.msc in the run and then I followed the
> steps of creating an IP filter and then gave the destination and source
> IP in the respective fields. I also had a parameter called tunnel end
> point, I don't know exactly what it does? Please can you tell what IP
> should I give there and what does it actually do?

I have never used secpol.msc to manually create all those low level
parameters. I have used lsipsectool.exe (ipsec.exec in the past, but do
not use this tool anymore) or l2tp.

> I have given pfs=no in my ipsec.conf file. So for establishment of
> connection I need to get a certificate on both the Linux and Windows
> machines? Is it compulsory like otherwise the connection will not
> happen?

Yes. See Nate Carlson's x509 page on how to generate certificates with
openssl, or use any software package that can create a CA infrastructure.
Use certimport.exe to import the certificate on the client machines. Do
not double click the certificate files, because it will import it wrongly.

Alternatively, you can read the X509.README on how to create certificates
as well.

(or read the book linked below :)
Building and integrating Virtual Private Networks with Openswan:
