[Openswan Users] [possible-spam:6.639] Re: Unable to connect toOpenswan/L2TP from Sprint Wireless Broadband
gotoh at eis.co.jp
Mon Mar 10 01:38:58 EDT 2008
Dear Mr Jacco de Leeuw,
Thanks a lot for your accurate suggestion.
Indeed, as your suggestion, the trouble was due to mal configuration of the
certificates on the client side.
While client certificate was correctly installed for the Computer Account,
CA certificate had been installed only in the User Account.
(We usually do not include CA certificate in user PKCS12 files, since the CA
certificate normaly is already installed for other purposes.)
XP's certificate utility, while checking a user certifacate for the Compter
account, lt looks for the assoicate CA certifacate not only in the Computer
Account but also in the User account. The utility reports that the
certificate is trust worth even if it could only find CA cert in the User
account and not it the Computer one. Howerver, as it was in my case, XP's
L2TP/IPSec client as logically does not accept such a situation.
I am happy to tell you that it works perfect now on the production system as
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Jacco de Leeuw
Sent: Wednesday, March 05, 2008 4:48 AM
To: users at openswan.org
Subject: [possible-spam:6.639] Re: [Openswan Users] Unable to connect
toOpenswan/L2TP from Sprint Wireless Broadband
Alan Whinery wrote:
> Now you guys got me all interested, as I have been using Sprint EVDO,
> and have never had a problem. I will go look at logs.
>> However, if Sprint EVDO does not block ESP then it should have worked
>> with his backup dialup account as well. But it did not.
... then it should not have worked with his backup dialup account as well.
But it did.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan:
More information about the Users