Working iked.conf that runs without a problem:

ikev2 "win7" quick passive esp inet proto udp \
        from $local_net to $client_net \
        local local.endpoint.net peer remote.endpoint.net \
        srcid local.endpoint.IP.address \
        dstid "remote endpoint's certificate distinguished name" \
        rsa \
        config address 192.168.126.2 \
        config name-server 192.168.0.126 \
        tag ipsec_$name

A certificate must be issued for the win7 endpoint as described above and
imported properly on the Windows machine, as must the CA's certificate.
192.168.126.2 is the IP address that the Win7 machine will get on the IPsec
interface. 192.168.0.126 is the name server that will be assigned for
that interface. The rsa parameter is generally not needed, nor is tag.

local.endpoint.net - can be an FQDN that will be resolved to the IP
address of the local endpoint, the one that acts as the responder
(the OpenBSD machine running iked). OpenBSD's certificate must be issued to
the IP address of `host local.endpoint.net'.

peer.endpoint.net - is the initiator side (the Win7 machine). Win7's cert
must be issued to that IP.

That scheme works for me right now.

22.05.2012 14:52, Wesley wrote:
> "Error 1931: the context has expired and can no longer be used" 

-- 
Best regards,
Pavel Shvagirev
skype: pavel.shvagirev

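As an added example (not from the post above and not part of iked itself): a small Python lint for the ikev2 policy syntax used in the configuration above. It folds the backslash continuations, expands $macros and the $name that iked substitutes in tag, and then checks the two things that most often go wrong with a road-warrior policy like this one: that dstid is set when rsa authentication is used, and that the config address handed to the client lies inside the "to" network so the flow actually matches the client's traffic. The macro values, the srcid address and the dstid DN in the two embedded samples are constructed for this example; ikesa/childsa proposal lists are deliberately out of scope and are reported as unsupported.

```python
import ipaddress
import re
import shlex

# Constructed sample modelled on the policy posted in this thread. The macro
# values, the srcid address and the dstid DN are assumptions for this example.
GOOD_CONF = r'''
local_net="192.168.0.0/24"
client_net="192.168.126.0/24"

ikev2 "win7" quick passive esp inet proto udp \
        from $local_net to $client_net \
        local local.endpoint.net peer remote.endpoint.net \
        srcid 203.0.113.10 \
        dstid "CN=win7-client, O=Example" \
        rsa \
        config address 192.168.126.2 \
        config name-server 192.168.0.126 \
        tag ipsec_$name
'''

# The same policy with two mistakes (also constructed): no dstid, and an
# assigned client address that is outside $client_net.
BAD_CONF = r'''
local_net="192.168.0.0/24"
client_net="192.168.126.0/24"
ikev2 "win7" passive esp from $local_net to $client_net rsa \
        config address 10.9.9.9 tag ipsec_$name
'''

# Bare keywords of the ikev2 policy grammar, and keywords taking one argument.
FLAGS = {"active", "passive", "quick", "default", "esp", "ah", "inet", "inet6",
         "tunnel", "transport", "ipcomp", "rsa"}
ONE_ARG = {"proto", "rdomain", "local", "peer", "srcid", "dstid", "tag", "tap",
           "ikelifetime", "psk", "eap"}


def _expand(token, macros):
    """Substitute $macro references; unknown names are left untouched."""
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), token)


def parse_policy(tokens, macros):
    """Turn the tokens after 'ikev2' into a dict of keyword -> value."""
    pol = {"name": None, "flags": set(), "config": {}}
    i = 0
    if tokens and tokens[0] not in FLAGS | ONE_ARG | {"from", "to", "config"}:
        pol["name"], i = tokens[0], 1
    macros = dict(macros, name=pol["name"] or "")  # iked expands $name in tag
    while i < len(tokens):
        t = tokens[i]
        if t in FLAGS:
            pol["flags"].add(t)
            i += 1
        elif t in ("from", "to"):
            pol[t] = _expand(tokens[i + 1], macros)
            i += 2
            if i < len(tokens) and tokens[i] == "port":
                pol[t + "_port"], i = tokens[i + 1], i + 2
        elif t == "config":
            pol["config"][tokens[i + 1]] = _expand(tokens[i + 2], macros)
            i += 3
        elif t in ONE_ARG:
            pol[t] = _expand(tokens[i + 1], macros)
            i += 2
        else:  # ikesa/childsa proposal lists and the like are out of scope
            raise ValueError(f"unsupported keyword {t!r} in policy {pol['name']!r}")
    return pol


def parse_iked_conf(text):
    """Return (macros, policies); backslash continuations are folded first."""
    macros, policies = {}, []
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\w+)\s*=\s*(.+)$", line)  # macro definition
        if m:
            macros[m.group(1)] = shlex.split(m.group(2))[0]
            continue
        tokens = shlex.split(line)
        if tokens[0] == "ikev2":
            policies.append(parse_policy(tokens[1:], macros))
    return macros, policies


def _net(s):
    try:
        return ipaddress.ip_network(s, strict=False)
    except ValueError:  # "any" or a hostname: nothing to check numerically
        return None


def lint_policy(pol):
    """Return human-readable problems; an empty list means the policy passes."""
    problems = []
    if "rsa" in pol["flags"] and "dstid" not in pol:
        problems.append("rsa auth without dstid: the peer identity is not pinned")
    src, dst = _net(pol.get("from", "")), _net(pol.get("to", ""))
    if src and dst and src.overlaps(dst):
        problems.append(f"from {src} overlaps to {dst}")
    addr = pol["config"].get("address")
    if addr and dst and ipaddress.ip_address(addr) not in dst:
        problems.append(f"config address {addr} lies outside the 'to' net {dst}; "
                        "traffic for the client would never match the flow")
    return problems


def lint(text):
    """Map each policy name to its list of problems."""
    return {p["name"]: lint_policy(p) for p in parse_iked_conf(text)[1]}


if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(label, lint(conf))
```

Run it as a script and it prints an empty problem list for the first sample and two findings for the second; feed it your own iked.conf text via lint() to check a policy before reloading iked.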