L2TP VPN with Racoon and WinXP

Gordon McKee freebsd at gdmckee.com
Mon Mar 15 12:48:37 PST 2004


Hi

Has anyone managed to get this to work?  I have set the FreeBSD box up as per the instructions on http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html .  Not sure if the server is fully configured yet.  I tried to VPN to the box over the local LAN but get the following error from WinXP: "Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol".  I copied the certificate from the FreeBSD box and imported it into the Windows Certificate Store.

Does anyone know what I am doing wrong or how to generate a proper certificate XP will handle?

The openssl lines from the above link didn't work due to path issues, so here are the lines I used to generate the certificates:

Section 2.3:

openssl req -new -x509 -keyout /usr/local/etc/openssl/private/CAkey.pem -out /usr/local/etc/openssl/private/CAcert.pem -config /usr/local/etc/openssl/openssl.conf

openssl pkcs12 -export -in /usr/local/etc/openssl/private/CAcert.pem -inkey /usr/local/etc/openssl/private/CAkey.pem -nokeys -out CA.p12 

Section 2.4:

openssl req -new -keyout /usr/local/etc/openssl/server-key-encrypted.pem -out /usr/local/etc/openssl/server.pem -days 360 -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/server.pem /usr/local/etc/openssl/server-key-encrypted.pem > /usr/local/etc/openssl/server-req.pem

openssl ca -policy policy_match -out /usr/local/etc/openssl/server-signed.pem -config /usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/server-req.pem

openssl rsa -in /usr/local/etc/openssl/server-key-encrypted.pem -out /usr/local/etc/openssl/server-key.pem 

Section 2.5:

openssl req -new -keyout /usr/local/etc/openssl/user-key.pem -out /usr/local/etc/openssl/user.pem -days 360 -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/user.pem /usr/local/etc/openssl/user-key.pem > /usr/local/etc/openssl/user-req.pem

openssl ca -policy policy_match -out /usr/local/etc/openssl/user-signed.pem -config /usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/user-req.pem

openssl pkcs12 -export -in /usr/local/etc/openssl/user-signed.pem -inkey /usr/local/etc/openssl/user-key.pem -name "User Name Goes Here" -certfile /usr/local/etc/openssl/private/CAcert.pem -out user.p12 


Thanks in advance.

Gordon
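Added example, not part of Gordon's post or of the HOWTO he cites: a non-interactive rebuild of the same CA / server / user certificate chain, followed by the checks a practitioner would run before importing the result into Windows. It verifies that each leaf chains to the CA, that the user certificate is marked for client authentication, and that user.p12 actually carries the private key (a bundle exported with -nokeys, like CA.p12 above, is fine for a CA but cannot serve as a client identity). All file names, subjects, the "changeit" export passphrase and the use of "openssl x509 -req" instead of "openssl ca" are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild the CA / server / user
# chain non-interactively, then check it before importing it into Windows.
# Paths, subjects and the passphrase "changeit" are demo assumptions.
set -eu

# Build the PKI into directory $1.
make_vpn_pki() {
    dir=$1
    mkdir -p "$dir"

    # Section 2.3 equivalent: self-signed CA certificate and key.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/CAkey.pem" -out "$dir/CAcert.pem" \
        -subj "/CN=Example VPN CA" 2>/dev/null

    # Extension files: the server certificate needs serverAuth, the user
    # certificate presented by the EAP-TLS client needs clientAuth.
    printf 'extendedKeyUsage = serverAuth\nbasicConstraints = CA:FALSE\n' > "$dir/server.ext"
    printf 'extendedKeyUsage = clientAuth\nbasicConstraints = CA:FALSE\n' > "$dir/user.ext"

    # Sections 2.4 / 2.5 equivalent: CSR, CA signature, PKCS#12 bundle.
    for who in server user; do
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/$who-key.pem" -out "$dir/$who-req.pem" \
            -subj "/CN=vpn-$who.example.test" 2>/dev/null
        # Sign directly with the CA key (assumption: avoids the index/serial
        # database that "openssl ca" in the post's commands depends on).
        openssl x509 -req -days 360 -in "$dir/$who-req.pem" \
            -CA "$dir/CAcert.pem" -CAkey "$dir/CAkey.pem" -CAcreateserial \
            -extfile "$dir/$who.ext" -out "$dir/$who-signed.pem" 2>/dev/null
        # Bundle certificate + private key + issuing CA, as the post does for user.p12.
        openssl pkcs12 -export -in "$dir/$who-signed.pem" -inkey "$dir/$who-key.pem" \
            -certfile "$dir/CAcert.pem" -name "$who" \
            -out "$dir/$who.p12" -passout pass:changeit
    done
}

# Return 0 if the PKCS#12 file $1 (passphrase "changeit") contains a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin pass:changeit -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Return 0 only if the material in $1 has what an EAP-TLS client identity needs.
check_vpn_pki() {
    dir=$1
    # 1. Each leaf certificate chains to the CA.
    openssl verify -CAfile "$dir/CAcert.pem" "$dir/server-signed.pem" >/dev/null || return 1
    openssl verify -CAfile "$dir/CAcert.pem" "$dir/user-signed.pem" >/dev/null || return 1
    # 2. The user certificate is marked for client authentication.
    openssl x509 -in "$dir/user-signed.pem" -noout -text \
        | grep -q 'TLS Web Client Authentication' || return 1
    # 3. The user bundle carries the private key, not just the certificate.
    p12_has_key "$dir/user.p12" || return 1
    return 0
}

# Demo run when executed directly.
workdir=$(mktemp -d)
make_vpn_pki "$workdir"
check_vpn_pki "$workdir" && echo "PKI in $workdir passes the import checks"
```

If check_vpn_pki fails on step 3, the bundle was exported without its key and will never be selected as a client identity, whatever the Windows side is configured to do.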

