[Openswan Users] android l2tp crt connection
Paul Wouters
paul at xelerance.com
Fri Jul 29 10:24:56 EDT 2011
On Thu, 28 Jul 2011, Bob Miller wrote:
>> It should work with certs identifiers fine. However, some clients (notably OSX)
>> require that the openswan server cert has its IP or FQDN in the subjectAltName
>> within the certificate.
>
> The firewall cert does have an FQDN as a subject alternative name.
> Here is a link to the article I referenced, the specific section is
> under L2TP/IPSec CRT:
> http://doandroids.com/Apps/OneVpn/how-to/servers/
> I just spent the last 10 minutes looking through the logs to find the
> entry that supports this article's claim, but after all the trial and
> error I did there is too much flotsam to sort through. The log entry on
> the firewall had something to do with remote IP not matching the
> certificate, at least by my interpretation. I also remember it was
> immediately after ISAKMP SA established and the connection never reached
> QUICK_R1.
> Also, I tested on android 2.3 and 3.0.
> If you feel I was overlooking something, I would be very interested to
> hear your thoughts. I am certain I could get an android device back for
> a day of testing...
I guess I'll have to set up a cert l2tp ipsec server for you to test against.
Ping me sometime next week and I'll see if I can set one up.
Just to be sure you aren't missing anything else, please go over:
https://gsoc.xelerance.com/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
Paul