To get confident with ipsec, I followed the configuration examples for estabslishing a secured host to host communication (with x509 pki certs) between two debian servers. That works fine :)
Now the real job: I'm trying to configure a debian server talking ipsec to windows 7 clients. Like in the example before, I create CA und client certs, following this instructions: https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA Following "B) Authentication using X.509 User Certificates" https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig I also inlcuded "--flag serverAuth --flag ikeIntermediate" an error occurred while clicking on the vpn-connect button: "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)" I tried several things to solve it, by recreation of the windows client cert: - Changing the common name in from "sun" to my actual username. Doesn't work. - Merging the pubkey and private key to a single pfx file. The import dialog sais, "imported correctly into own certs", but is never shown in the cert manager. Does anybody know how to create client certs, which Windows 7 accepts? Best Regards, Johannes
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
