I already read your posts ;-) and also man pages (ikectl, iked.conf and iked)

But now it is for a road warrior configuration.
I don't understand these parts:

Parts that I don't understand, if someone can help me with them:
-For server, I need a certificate server for vpn.X.net? or aa.bb.cc.dd?
ikectl ca vpn certificate ? create #(for server)
ikectl ca vpn certificate ? install #(for server)

-For win7, I need a certificate host for win7test? or 192.168.0.77?
ikectl ca vpn certificate ?? create #(for win7)
ikectl ca vpn certificate ?? export #(for win7)

-On the GW
/etc/iked.conf:
ikev2 esp \
from any to any peer any \
srcid vpn.X.net \
config address 192.168.0.77

Run /sbin/iked -dvv

Finally:
On the win7, open certmgr.msc to add the certificates,
add the 2 pfx certificates in the "Trusted Root Certification
Authorities store"
And create an IKEv2 connection without EAP.

Thank you very much.

On 2012-05-22 10:28, Pavel Shvagirev wrote:
Have a look at the discussion between me and Mike Belopuhov that took
place not so long ago here... We have covered most of the troubles that
you might have met following the man pages.
