Hello François, > used as an IKEv2 IPsec/L2TP server
Windows supports L2TP/IPsec for a long time, but this setup uses IKEv1. The new IKEv2 client in Windows 7 does plain IPsec, no L2TP tunneling is involved. So if you have Windows 7 Clients only, I highly recommend to use IKEv2 only. > Despite this, my openssl certificate refuse to be selected in a relevant > way by the W7 VPN client. You'll need the "Server Authentication" Extended Key usage (1.3.6.1.5.5.7.3.1) and the DNS name you configure in your Windows connection profile as a subjectAltName in the certificate. See [1] for details, [2] may be of help, too. If it doesn't work, you can try to temporarily (!) disable extended checks as outlined in [1]. If it still doesn't work, double check that your CA is installed correctly. Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq [2]http://blogs.technet.com/b/rrasblog/archive/2009/06/10/what-type-of-certificate-to-install-on-the-vpn-server.aspx _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
