[Openswan Users] [possible-spam:6.639] Re: Unable to connect toOpenswan/L2TP from Sprint Wireless Broadband

Hideo GOTO gotoh at eis.co.jp
Mon Mar 10 01:38:58 EDT 2008 

 Dear Mr Jacco de Leeuw,


Thanks a lot for your accurate suggestion.

Indeed, as your suggestion, the trouble was due to mal configuration of the
certificates on the client side.

While client certificate was correctly installed for the Computer Account,
CA certificate had been installed only in the User Account.
(We usually do not include CA certificate in user PKCS12 files, since the CA
certificate normaly is already installed for other purposes.)

XP's certificate utility, while checking a user certifacate for the Compter
account, lt looks for the assoicate CA certifacate  not only in the Computer
Account but also in the User account. The utility reports that the
certificate is trust worth even if it could only find CA cert in the User
account and not it the Computer one. Howerver, as it was in my case, XP's
L2TP/IPSec client as logically does not accept such a situation.

I am happy to tell you that it works perfect now on the production system as
well.

Many thanks

Hideo GOTO 

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Jacco de Leeuw
Sent: Wednesday, March 05, 2008 4:48 AM
To: users at openswan.org
Subject: [possible-spam:6.639] Re: [Openswan Users] Unable to connect
toOpenswan/L2TP from Sprint Wireless Broadband


Alan Whinery wrote:

> Now you guys got me all interested, as I have been using Sprint EVDO, 
> and have never had a problem. I will go look at logs.
>>
>> However, if Sprint EVDO does not block ESP then it should have worked 
>> with his backup dialup account as well. But it did not.

I meant:

... then it should not have worked with his backup dialup account as well.
But it did.


-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list