[strongSwan] user certificate could not be found via windows 7 vpn connect

Johannes jotpe.osm at gmail.com
Mon Aug 25 19:29:57 CEST 2014


Thanks for the tip. In my target environment are no administrative user
rights available.

Best Regards
Johannes

Am 22.08.2014 19:15, schrieb Henry R. Prins:
> I would suggest using the shrew soft client.
> 
> Sincerely,
> 
> Henry R. Prins Jr.
> Senior Support Specialist
> 888-325-8307
> [cid:image001.png at 01CF0BA1.DDB72040]<http://www.multidataservices.com/>
> Click Here to Join the MDS Community!<http://www.multidataservices.com/forum/>
> [linkedin]<http://www.linkedin.com/company/multi-data-services-corp.>  [twitter] <https://twitter.com/mdssoftware>  [facbook] <https://www.facebook.com/MDSNewYork>
> 
> 
> From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of jotpe
> Sent: Friday, August 22, 2014 11:12 AM
> To: users at lists.strongswan.org
> Subject: [strongSwan] user certificate could not be found via windows 7 vpn connect
> 
> To get confident with ipsec, I followed the configuration examples for estabslishing a secured host to host communication (with x509 pki certs) between two debian servers. That works fine :)
> 
> 
> Now the real job:
> I'm trying to configure a debian server talking ipsec to windows 7 clients.
> 
> Like in the example before, I create CA und client certs, following this instructions:
> https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
> 
> Following "B) Authentication using X.509 User Certificates"
> https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig
> I also inlcuded "--flag serverAuth --flag ikeIntermediate"
> 
> an error occurred while clicking on the vpn-connect button:
> "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"
> 
> I tried several things to solve it, by recreation of the windows client cert:
> - Changing the common name in from "sun" to my actual username. Doesn't work.
> - Merging the pubkey and private key to a single pfx file. The import dialog sais, "imported correctly into own certs", but is never shown in the cert manager.
> 
> 
> Does anybody know how to create client certs, which Windows 7 accepts?
> 
> Best Regards, Johannes
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140825/f84f745f/attachment.pgp>


More information about the Users mailing list