[strongSwan] user certificate could not be found via windows 7 vpn connect

Henry R. Prins HPrins at multidataservices.com
Fri Aug 22 19:15:48 CEST 2014


I would suggest using the shrew soft client.

Sincerely,

Henry R. Prins Jr.
Senior Support Specialist
888-325-8307
[cid:image001.png at 01CF0BA1.DDB72040]<http://www.multidataservices.com/>
Click Here to Join the MDS Community!<http://www.multidataservices.com/forum/>
[linkedin]<http://www.linkedin.com/company/multi-data-services-corp.>  [twitter] <https://twitter.com/mdssoftware>  [facbook] <https://www.facebook.com/MDSNewYork>


From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of jotpe
Sent: Friday, August 22, 2014 11:12 AM
To: users at lists.strongswan.org
Subject: [strongSwan] user certificate could not be found via windows 7 vpn connect

To get confident with ipsec, I followed the configuration examples for estabslishing a secured host to host communication (with x509 pki certs) between two debian servers. That works fine :)


Now the real job:
I'm trying to configure a debian server talking ipsec to windows 7 clients.

Like in the example before, I create CA und client certs, following this instructions:
https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA

Following "B) Authentication using X.509 User Certificates"
https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig
I also inlcuded "--flag serverAuth --flag ikeIntermediate"

an error occurred while clicking on the vpn-connect button:
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"

I tried several things to solve it, by recreation of the windows client cert:
- Changing the common name in from "sun" to my actual username. Doesn't work.
- Merging the pubkey and private key to a single pfx file. The import dialog sais, "imported correctly into own certs", but is never shown in the cert manager.


Does anybody know how to create client certs, which Windows 7 accepts?

Best Regards, Johannes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/53bd707a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7035 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/53bd707a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1125 bytes
Desc: image002.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/53bd707a/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 1352 bytes
Desc: image003.jpg
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/53bd707a/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 1317 bytes
Desc: image004.gif
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/53bd707a/attachment-0001.gif>


More information about the Users mailing list