I would suggest using the shrew soft client. Sincerely,
Henry R. Prins Jr. Senior Support Specialist 888-325-8307 [cid:[email protected]]<http://www.multidataservices.com/> Click Here to Join the MDS Community!<http://www.multidataservices.com/forum/> [linkedin]<http://www.linkedin.com/company/multi-data-services-corp.> [twitter] <https://twitter.com/mdssoftware> [facbook] <https://www.facebook.com/MDSNewYork> From: [email protected] [mailto:[email protected]] On Behalf Of jotpe Sent: Friday, August 22, 2014 11:12 AM To: [email protected] Subject: [strongSwan] user certificate could not be found via windows 7 vpn connect To get confident with ipsec, I followed the configuration examples for estabslishing a secured host to host communication (with x509 pki certs) between two debian servers. That works fine :) Now the real job: I'm trying to configure a debian server talking ipsec to windows 7 clients. Like in the example before, I create CA und client certs, following this instructions: https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA Following "B) Authentication using X.509 User Certificates" https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig I also inlcuded "--flag serverAuth --flag ikeIntermediate" an error occurred while clicking on the vpn-connect button: "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)" I tried several things to solve it, by recreation of the windows client cert: - Changing the common name in from "sun" to my actual username. Doesn't work. - Merging the pubkey and private key to a single pfx file. The import dialog sais, "imported correctly into own certs", but is never shown in the cert manager. Does anybody know how to create client certs, which Windows 7 accepts? Best Regards, Johannes
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
