Very strange WindowsXP -> FreeSWAN problem

From: Helge (darkstar2000_at_gmx.net)
Date: 09/29/03

• Next message: tom: "Administrative Password Recovery"
• Previous message: Meconceal: "Re: Please help me!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 29 Sep 2003 10:42:20 -0700

Hi,
I have a very strange problem here: I have Windows XP... ok, that is not
the main problem, but I can't connect with WindowsXP to my Linux server
running FreeSWAN. Although I have no problems to connect to the server
with my pc at home which is running Windows 2000. I took the same
ipsec.conf and even the same key but it doesn't work. The oakley.log
shows this:

IKE konnte kein gültiges Computerzertifikat finden. (IKE failed to
find valid machine certificate)

But the key was properly installed. After trying for quite a while I
made it work by accident: the original (from my Win2k pc) ipsec.conf
says something like:
rightca="C=DE, L=Braunschweig, O=HLCCC, OU=CAUnit, CN=h.lenz@..." (Don't mind
the "...")
and I changed the CN to "Gateway", which is the CN of the Linux machine.
Of course it didn't work so I went to the management console and changed
the certificate for every rule in "Freeswan" by hand by picking the one
that is installed from the list. This certificate of course says for
issuer the exact phrase that was in the ipsec.conf in the first place,
but now it somehow worked! I made some tests and found out, that it only
works if I give the wrong "rightca" in the ipsec.conf and either change
the certificate of every rule or add a new certificate to every rule. My
problem now is, that I don't want to make 30 mouseclicks and
doubleclicks everytime I ran "ipsec". So if anyone can tell me how to
make it work with only ONE mouseclick, I would really be thankful.
A first workaround would be to find a command to add a certificate to
every rule, a second "rightca=..." in ipsec.conf doesn't work.

Regards
Helge.

• Next message: tom: "Administrative Password Recovery"
• Previous message: Meconceal: "Re: Please help me!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: updates after format ... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ... (microsoft.public.windows.mediacenter) Re: Need help configuring Wireless Connection profile ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ... (microsoft.public.windowsxp.general) Re: Windows Update repeats ... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ... (microsoft.public.windowsupdate) Re: sfc /scannow wont run ... or upgrade installs but I definitely know retail versions do. ... If you have Windows XP Pro installed then do not purchase a Windows XP Home ... This behavior can occur if the certificate for VeriSign time stamping ... (microsoft.public.windowsxp.help_and_support) Very strange WindowsXP -> FreeSWAN problem ... I have a very strange problem here: I have Windows XP... ... the certificate for every rule in "Freeswan" by hand by picking the one ... that I don't want to make 30 mouseclicks and ... A first workaround would be to find a command to add a certificate to ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint