01-04-2008 03:02 AM
01-04-2008 09:48 AM
01-04-2008 10:15 AM
01-09-2008 07:37 AM
Thanks for the responses.
OK - so I do this with certs.
Setting up the SSG side is somewhat documented in the C&E-books, but I'm lost with XP. The document mentioned in the reply above deals with W2k, but I assum with XP (pro) you'd do the cert stuff with the mmc and the cert snap-in, right? But how exactly do I use those - starting with the first snap-in question, what certs to manage: user, service or computer??? No idea.
How do I tie the (openssl-generated) cert to the ipsec-portion of the l2tp over ipsec-tunnel in xp?
Do I still need to fiddle with the XP registry editor like it needed to be done in W2k?
01-09-2008 07:46 AM
01-10-2008 09:06 AM
Thanks for the pointer. I gave it a try but didn't succeed.
The document is quite confusing (in section 'Downloading the CA certificates for the WIN2K machine', they saynce you have downloaded the CRL to your machine you must install it onto your machine. You must first right click on the certificate and select install...' - are we talking cert or crl?; "12. To verify that the certificate, Click on certificates then personal.". Sorry?)
On top of that, in section 'You must now edit your registry to make a connection for L2TP over IPSEC.':
4. You must go to the PASSWORD registry key for L2TP tunnel authentication:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/4D36E972-E325…/0002/ (On my W2K box, it’s 0002. Should be the one containing minil2tpport)Password/PASSWORD
(An easier way to locate it: find the registry containing key word "l2tp_miniport")
I don't have a key containg the string 'minil2tpport'
Giving up. Sniff...