L2TP VPN with Racoon and WinXP
Gordon McKee
freebsd at gdmckee.com
Mon Mar 15 12:48:37 PST 2004
Hi
Has anyone managed to get this to work? I have set the FreeBSD box up as per the instruction on http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html . Not sure if the server is fully configured yet. I tried to VPN to the box over the local LAN but get the following error from WinXP "Error 798: A certificate could not be found that can used with this Extensible Authentication Protocol" I copied the certificate from the FreeBSD box and imported it into the Windows Certificate Store.
Does anyone know what I am doing wrong or how to generate a proper certificate XP will handle?
The openssl lines didn't work due to path issues from the above link so here are the lines I used to generate the certificates:
2.3
openssl req -new -x509 -keyout /usr/local/etc/openssl/private/CAkey.pem -out /usr/local/etc/openssl/private/CAcert.pem -config /usr/local/etc/openssl/openssl.conf
openssl pkcs12 -export -in /usr/local/etc/openssl/private/CAcert.pem -inkey /usr/local/etc/openssl/private/CAkey.pem -nokeys -out CA.p12
2.4
openssl req -new -keyout /usr/local/etc/openssl/server-key-encrypted.pem -out /usr/local/etc/openssl/server.pem -days 360 -config /usr/local/etc/openssl/openssl.conf
cat /usr/local/etc/openssl/server.pem /usr/local/etc/openssl/server-key-encrypted.pem > /usr/local/etc/openssl/server-req.pem
openssl ca -policy policy_match -out /usr/local/etc/openssl/server-signed.pem -config /usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/server-req.pem
openssl rsa -in /usr/local/etc/openssl/server-key-encrypted.pem -out /usr/local/etc/openssl/server-key.pem
2.5
openssl req -new -keyout /usr/local/etc/openssl/user-key.pem -out /usr/local/etc/openssl/user.pem -days 360 -config /usr/local/etc/openssl/openssl.conf
cat /usr/local/etc/openssl/user.pem /usr/local/etc/openssl/user-key.pem > /usr/local/etc/openssl/user-req.pem
openssl ca -policy policy_match -out /usr/local/etc/openssl/user-signed.pem -config /usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/user-req.pem
openssl pkcs12 -export -in /usr/local/etc/openssl/user-signed.pem -inkey /usr/local/etc/openssl/user-key.pem -name "User Name Goes Here" -certfile /usr/local/etc/openssl/private/CAcert.pem -out user.p12
Thanks in advance.
Gordon
More information about the freebsd-questions
mailing list