[Openswan Users] L2TP IPSEC and Windows XP

André Mendes - WAITS amendes at waits.com.br
Thu Feb 28 08:18:36 EST 2008


Hi Jacco.

I discovered the problem. Ipsec.secrets had a problem when try to load
certify. Another think that I found was that you need to put the leftnexthop
in ipsec.conf. If you don´t put this parameter, the gateway couldn´t find
your host.

One more question. Do you know IF I can logon in Active Directory, instead
of use the ppp file?

Thanks a lot for your help.

André

-----Mensagem original-----
De: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Em nome
de Jacco de Leeuw
Enviada em: quinta-feira, 28 de fevereiro de 2008 08:42
Para: users at openswan.org
Assunto: Re: [Openswan Users] Problem with OpenSwan and windows mobile 6.0


Denis Beltramo wrote:

> for this case i have added at my openssl.cnf this line:
> 
> extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
> subjectAltName=IP:172.31.1.192 <http://172.31.1.192>
> 
> ignoring informational payload, type INVALID_CERT_AUTHORITY

This error indicates that the Mac client does not find these EKUs
in the certificate that the server sends. Are you sure they have
been added to the server certificate?  Check with:

openssl x509 -text -noout -in servercrt.pem

It should list no EKU at all, or:

  X509v3 Extended Key Usage:
    1.3.6.1.5.5.8.2.2, TLS Web Server Authentication

(The latter is actually the "serverAuth").

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the Users mailing list