Win2K IPsec vs. OpenBSD

Win2K IPsec vs. OpenBSD

Post by jhecke » Tue, 20 Jun 2000 04:00:00

Hi, all -

am seeking a how-to on using the bastardized Win2K version of IPsec with
an OpenBSD server.  Anyone know how to do this?



PS - if it's convenient, email will reach me faster.


1. Cisco SecureNet/Win32 vs IPSec/OpenBSD

Hi everyone,

My employer has provided me with Cisco SecureNet client software
which I run on my NT laptop to establish a VPN with the corporate
network. In theory, SecureNet is an IPSEC implementation, so it
should be possible to get my OpenBSD NAT firewall on my home network
to establish the VPN connection as well, which would be a lot
more convenient than having to dial up my ISP from the laptop
when I want to use the VPN.

At this point I'm not 100% sure that I've got isakmpd configured
correctly, but there's one stumbling block I can't seem to get
past: isakmpd refuses to read my personal certificate and the
CA certificate I exported from the SecureNet software, and the
error messages are less than helpful. When I try to start isakmpd,
I get:

212350.698866 Default x509_read_from_dir: PEM_read_bio_X509 failed for
CaCert.cser: Undefined error: 0
212350.699601 Default x509_read_from_dir: PEM_read_bio_X509 failed for
JAKCert.der: Undefined error: 0

where CaCert.cser is the CA certificate, and JAKCert.der is my own

I would think there'd be a standard format for these things, but
apparently not? If anyone else has done this successfully, or can
even give me some idea where to start looking for a solution, I
would really appreciate it. I admit to being a complete newbie
at IPSEC, and somewhat confused about the whole thing. I've read
the OpenBSD FAQ and some other material, Google searches etc, but
I can't seem to find any documentation about the expected format
of the certificate files. A gentle RTFM won't be sneered at
if I've missed something obvious.

Thanks in advance,

-- Joe

(PS - an email copy of any reply would be appreciated :-)

-- Joseph A. Knapka
"If I ever get reincarnated... let me make certain I don't come back
 as a paperclip." -- protagonist, H Murakami's "Hard-boiled Wonderland"
// Linux MM Documentation in progress:
* Evolution is an "unproven theory" in the same sense that gravity is. *

2. fortune hanging

3. IPSec vs. PPTP vs. ?

4. Linux Command Syntax

5. Win2K vs FreeBSD vs Booteasy (MBR) ??

6. Installing mgetty on Linux v 4.0 HELP PLEASE???

7. IPSec + Win2k-native talking to OpenBSD over wireless, in replace of WEP using OpenBSD as a WAP.

8. problem solving methods

9. Win2k (ipsec.exe) and freeswan

10. Win2k and Solaris using ipsec

11. IPSEC on Solaris 2.8 and Win2k

12. freebsd <-> win2k VPN IPsec

13. Win2k --> firewall --> ipsec /freeswan --> remote network