Hi all,

I think I need some pointers with regards to my setup. I've googled, but nothing is getting *quite* like the setup I would want/need.

What I need is a road warrior or two using Ubuntu 9.10 and strongswan to use X509 certs to VPN in to the m0n0wall. I currently have a static VPN setup from the m0n0 to another site, and have done for years, and this works perfectly (until the remote site's ISP drops).

What I've done is create a CA of my own on an internal server, so that I can sign a bunch of certs, not just for m0n0. I've created a new entry under IPSEC->CA's and then copied the contents of this cacert.pem into the box. I've then created a private key, and CSR with said key, and signed it with the CA for m0n0wall. The signed part has gone into IPSEC -> Mobile Clients -> Certificate. The key part has gone into IPSEC -> Mobile Clients -> Key.

I then did the same for a key and CSR for one of the road warriors.

Using Network Manager, set up new VPN:

Gateway:
  Address: <External IP of m0n0>
  Certificate: pointing to file of CSR signed cert from m0n0 (IPSEC -> Mobile Clients -> Certificate)

Client:
  Authentication: Certificate/Private key
  Certificate: points to file CSR signed cert for the RW
  Private Key: Private key file used to create the CSR for RW

Put a tick in "Request an inner IP address", "Enforce UDP encapsulation".

It doesn't work, and I'm not sure why. I am certain I have done something stupid, but what? That is the question I'm hoping someone can prod me in the correct direction with.

The only two things I've got are:

Nov 7 18:59:25 laptop-testing NetworkManager: <WARN> connection_state_changed(): Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

And the Network Manager message of "The VPN connection failed because there were no valid VPN secrets".

Any pointers will be appreciated.

Cheers
AM
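Added example, not part of the original post: a shell check for the CA / key / CSR / signed-certificate procedure described above, confirming that a file is a signed certificate rather than a CSR, that it chains to the CA, and that it matches its private key. The function names, file names and the throwaway demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a CA / certificate / private-key triple.
# File names and certificate subjects below are constructed for the demo.

# check_triple CA_PEM CERT_PEM KEY_PEM -> 0 when all three belong together
check_triple() {
    ca=$1; cert=$2; key=$3
    # A CSR supplied where the signed certificate belongs fails here.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "FAIL: $cert is not an X.509 certificate (CSR instead?)"; return 1; }
    # The certificate must chain to the CA that the other end trusts.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $ca"; return 2; }
    # The private key must be the one the CSR was generated from.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not match $cert"; return 3; }
    echo "OK: $cert chains to $ca and matches $key"
}

# make_demo_pki DIR: throwaway CA plus gateway and road-warrior certificates
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null
    for n in gateway roadwarrior; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/cacert.pem" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 \
            -out "$d/$n.crt" 2>/dev/null
    done
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d"
    check_triple "$d/cacert.pem" "$d/gateway.crt" "$d/gateway.key"
    # Deliberate mistakes: wrong key, then a CSR in place of the certificate.
    check_triple "$d/cacert.pem" "$d/roadwarrior.crt" "$d/gateway.key" || true
    check_triple "$d/cacert.pem" "$d/roadwarrior.csr" "$d/roadwarrior.key" || true
    rm -rf "$d"
}
demo
```

Against real files, call `check_triple cacert.pem <signed cert> <private key>` once for the gateway pair and once for the road-warrior pair.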