From: "Gordon McKee"
Date: Mon, 15 Mar 2004 20:48:34 -0000
Subject: L2TP VPN with Racoon and WinXP
X-BeenThere: freebsd-questions@freebsd.org

Hi

Has anyone managed to get this to work? I have set the FreeBSD box up as per the instructions on http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html . Not sure if the server is fully configured yet. I tried to VPN to the box over the local LAN but get the following error from WinXP: "Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol". I copied the certificate from the FreeBSD box and imported it into the Windows Certificate Store.

Does anyone know what I am doing wrong or how to generate a proper certificate XP will handle?
The openssl lines didn't work due to path issues from the above link so here are the lines I used to generate the certificates:

2.3

    openssl req -new -x509 -keyout /usr/local/etc/openssl/private/CAkey.pem \
        -out /usr/local/etc/openssl/private/CAcert.pem \
        -config /usr/local/etc/openssl/openssl.conf

    openssl pkcs12 -export -in /usr/local/etc/openssl/private/CAcert.pem \
        -inkey /usr/local/etc/openssl/private/CAkey.pem -nokeys -out CA.p12

2.4

    openssl req -new -keyout /usr/local/etc/openssl/server-key-encrypted.pem \
        -out /usr/local/etc/openssl/server.pem -days 360 \
        -config /usr/local/etc/openssl/openssl.conf

    cat /usr/local/etc/openssl/server.pem \
        /usr/local/etc/openssl/server-key-encrypted.pem \
        > /usr/local/etc/openssl/server-req.pem

    openssl ca -policy policy_match \
        -out /usr/local/etc/openssl/server-signed.pem \
        -config /usr/local/etc/openssl/openssl.conf \
        -infiles /usr/local/etc/openssl/server-req.pem

    openssl rsa -in /usr/local/etc/openssl/server-key-encrypted.pem \
        -out /usr/local/etc/openssl/server-key.pem

2.5

    openssl req -new -keyout /usr/local/etc/openssl/user-key.pem \
        -out /usr/local/etc/openssl/user.pem -days 360 \
        -config /usr/local/etc/openssl/openssl.conf

    cat /usr/local/etc/openssl/user.pem /usr/local/etc/openssl/user-key.pem \
        > /usr/local/etc/openssl/user-req.pem

    openssl ca -policy policy_match \
        -out /usr/local/etc/openssl/user-signed.pem \
        -config /usr/local/etc/openssl/openssl.conf \
        -infiles /usr/local/etc/openssl/user-req.pem

    openssl pkcs12 -export -in /usr/local/etc/openssl/user-signed.pem \
        -inkey /usr/local/etc/openssl/user-key.pem -name "User Name Goes Here" \
        -certfile /usr/local/etc/openssl/private/CAcert.pem -out user.p12

Thanks in advance.

Gordon
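
Added example, not part of the message above or of the HOWTO it cites: a sanity check for the two PKCS#12 bundle shapes produced in steps 2.3 and 2.5, reporting whether a bundle carries a private key and whether its client certificate verifies against the CA certificate. The demo PKI, subjects, password and function names are constructed for illustration, and openssl x509 -req stands in for openssl ca so the script needs no CA directory or custom config.

```shell
#!/bin/sh
# Added example: all names, subjects and the password are constructed.
PASS=demo-pass

# Build a throwaway CA and user certificate plus both bundle shapes in dir $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/CAkey.pem" -out "$d/CAcert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$d/user-key.pem" -out "$d/user-req.pem" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$d/user-req.pem" -CA "$d/CAcert.pem" \
        -CAkey "$d/CAkey.pem" -CAcreateserial -out "$d/user-signed.pem" 2>/dev/null &&
    # Step 2.3 shape: CA certificate only, exported with -nokeys.
    openssl pkcs12 -export -nokeys -in "$d/CAcert.pem" \
        -passout "pass:$PASS" -out "$d/CA.p12" &&
    # Step 2.5 shape: user certificate, its private key, and the CA certificate.
    openssl pkcs12 -export -in "$d/user-signed.pem" -inkey "$d/user-key.pem" \
        -certfile "$d/CAcert.pem" -name "Demo User" \
        -passout "pass:$PASS" -out "$d/user.p12"
}

# Succeeds if bundle $1 (password $2) contains a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# Succeeds if the bundle's client certificate (the one paired with a key)
# verifies against CA certificate $3. Fails if there is no such certificate.
p12_client_cert_verifies() {
    t=$(mktemp) || return 1
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$t" 2>/dev/null &&
        openssl verify -CAfile "$3" "$t" >/dev/null 2>&1
    rc=$?; rm -f "$t"; return $rc
}

# Print a one-line summary for bundle $1 (password $2, CA certificate $3).
p12_report() {
    if p12_has_key "$1" "$2"; then k=yes; else k=no; fi
    if p12_client_cert_verifies "$1" "$2" "$3"; then c=yes; else c=no; fi
    echo "private-key=$k client-cert-verifies=$c"
}
```

To inspect real bundles, source the script and call p12_report with the bundle path, its export password and the CA certificate path.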