Thanks for the tip. In my target environment are no administrative user rights available.
Best Regards Johannes Am 22.08.2014 19:15, schrieb Henry R. Prins: > I would suggest using the shrew soft client. > > Sincerely, > > Henry R. Prins Jr. > Senior Support Specialist > 888-325-8307 > [cid:[email protected]]<http://www.multidataservices.com/> > Click Here to Join the MDS Community!<http://www.multidataservices.com/forum/> > [linkedin]<http://www.linkedin.com/company/multi-data-services-corp.> > [twitter] <https://twitter.com/mdssoftware> [facbook] > <https://www.facebook.com/MDSNewYork> > > > From: [email protected] > [mailto:[email protected]] On Behalf Of jotpe > Sent: Friday, August 22, 2014 11:12 AM > To: [email protected] > Subject: [strongSwan] user certificate could not be found via windows 7 vpn > connect > > To get confident with ipsec, I followed the configuration examples for > estabslishing a secured host to host communication (with x509 pki certs) > between two debian servers. That works fine :) > > > Now the real job: > I'm trying to configure a debian server talking ipsec to windows 7 clients. > > Like in the example before, I create CA und client certs, following this > instructions: > https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA > > Following "B) Authentication using X.509 User Certificates" > https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig > I also inlcuded "--flag serverAuth --flag ikeIntermediate" > > an error occurred while clicking on the vpn-connect button: > "A certificate could not be found that can be used with this Extensible > Authentication Protocol. (Error 798)" > > I tried several things to solve it, by recreation of the windows client cert: > - Changing the common name in from "sun" to my actual username. Doesn't work. > - Merging the pubkey and private key to a single pfx file. The import dialog > sais, "imported correctly into own certs", but is never shown in the cert > manager. > > > Does anybody know how to create client certs, which Windows 7 accepts? > > Best Regards, Johannes >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
