Date:      Mon, 15 Mar 2004 20:48:34 -0000
From:      "Gordon McKee" <freebsd@gdmckee.com>
To:        <freebsd-questions@freebsd.org>
Subject:   L2TP VPN with Racoon and WinXP
Message-ID:  <00da01c40ace$e2220e80$be00a8c0@gdmckee.home>

Hi

Has anyone managed to get this to work?  I have set the FreeBSD box up
as per the instruction on
http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html .  Not sure if the
server is fully configured yet.  I tried to VPN to the box over the
local LAN but get the following error from WinXP: "Error 798: A
certificate could not be found that can used with this Extensible
Authentication Protocol".  I copied the certificate from the FreeBSD box
and imported it into the Windows Certificate Store.

Does anyone know what I am doing wrong or how to generate a proper
certificate XP will handle?

The openssl lines didn't work due to path issues from the above link, so
here are the lines I used to generate the certificates:

2.3

openssl req -new -x509 \
    -keyout /usr/local/etc/openssl/private/CAkey.pem \
    -out /usr/local/etc/openssl/private/CAcert.pem \
    -config /usr/local/etc/openssl/openssl.conf

openssl pkcs12 -export \
    -in /usr/local/etc/openssl/private/CAcert.pem \
    -inkey /usr/local/etc/openssl/private/CAkey.pem \
    -nokeys -out CA.p12

2.4

openssl req -new \
    -keyout /usr/local/etc/openssl/server-key-encrypted.pem \
    -out /usr/local/etc/openssl/server.pem -days 360 \
    -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/server.pem \
    /usr/local/etc/openssl/server-key-encrypted.pem \
    > /usr/local/etc/openssl/server-req.pem

openssl ca -policy policy_match \
    -out /usr/local/etc/openssl/server-signed.pem \
    -config /usr/local/etc/openssl/openssl.conf \
    -infiles /usr/local/etc/openssl/server-req.pem

openssl rsa -in /usr/local/etc/openssl/server-key-encrypted.pem \
    -out /usr/local/etc/openssl/server-key.pem

2.5

openssl req -new \
    -keyout /usr/local/etc/openssl/user-key.pem \
    -out /usr/local/etc/openssl/user.pem -days 360 \
    -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/user.pem /usr/local/etc/openssl/user-key.pem \
    > /usr/local/etc/openssl/user-req.pem

openssl ca -policy policy_match \
    -out /usr/local/etc/openssl/user-signed.pem \
    -config /usr/local/etc/openssl/openssl.conf \
    -infiles /usr/local/etc/openssl/user-req.pem

openssl pkcs12 -export \
    -in /usr/local/etc/openssl/user-signed.pem \
    -inkey /usr/local/etc/openssl/user-key.pem \
    -name "User Name Goes Here" \
    -certfile /usr/local/etc/openssl/private/CAcert.pem -out user.p12


Thanks in advance.

Gordon
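
A sanity check for the files produced by the commands in the message above, added here as an example (it is not part of the original message or of the referenced HOWTO): it confirms that a signed certificate chains to the CA certificate, that the private key belongs to it, and that it has not expired. The function name check_cert_pair is hypothetical, and it assumes PEM files and openssl on the PATH.

```shell
#!/bin/sh
# Added example: sanity checks for a CA-signed certificate and its key.
# Usage: check_cert_pair CA_CERT SIGNED_CERT PRIVATE_KEY
# Returns 0 only if all three checks pass; prints one line per check.
check_cert_pair() {
    ca_cert=$1; cert=$2; key=$3; rc=0

    # 1. The certificate must chain to the CA certificate that the client
    #    imports. Match on the "<file>: OK" line rather than the exit code,
    #    which old openssl releases did not set reliably.
    if openssl verify -CAfile "$ca_cert" "$cert" 2>/dev/null \
            | grep -q ': OK$'; then
        echo "chain:  OK"
    else
        echo "chain:  FAIL ($cert is not signed by $ca_cert)"; rc=1
    fi

    # 2. The private key must belong to the certificate: compare the public
    #    key in the certificate with the one derived from the key file.
    #    An encrypted key makes openssl ask for its passphrase here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "key:    OK"
    else
        echo "key:    FAIL ($key does not match $cert)"; rc=1
    fi

    # 3. The certificate must be inside its validity period right now.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expiry: OK"
    else
        echo "expiry: FAIL ($cert has expired)"; rc=1
    fi
    return $rc
}

# When run as a script with three arguments, check those files, e.g.
#   sh check.sh CAcert.pem user-signed.pem user-key.pem
if [ $# -eq 3 ]; then
    check_cert_pair "$1" "$2" "$3"
fi
```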


