What is a "machine certificate" for IPSEC?

I can create certificates, but I can't use them instead of the shared secret; I can only use them for user authentication. OS X says I need a machine certificate for machine authorization. Where do I get these made?

Posted on Sep 27, 2005 4:24 PM

3 replies

Nov 6, 2005 4:28 AM in response to Steven Weintraut

I have the same problem and I have been searching for a solution for months now. VPN over IPSEC runs without a problem, I can choose a certificate in Server Admin, but I am not able to choose it in the client config. "No machine certificate found".

I even created my own CA and created keys in the Certificate Assistant, which I exported to the client... with the help of the article on afp548.com:
http://www.afp548.com/article.php?story=20050813004038282

But no luck! Who knows more?!?!

Nov 26, 2005 9:12 AM in response to Steven Weintraut

Updated instructions at:
http://www.jacco2.dds.nl/networking/freeswan-panther.html#Cert_ID
explain how to create a cert which OSX will accept for use as a "Machine Certificate".

Section 8.4 on the same page provides detailed instructions for importing the cert. In particular it is important that "Keychain Access" be run with the 'sudo' command, and that the cert to be used be located in the "System" keychain.

More info can be found at the openswan users list:
http://lists.openswan.org/pipermail/users/


aram
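What those instructions boil down to, as an added example that is not from the thread or from the linked guides: a shell script that builds a private CA and a client "machine certificate" with the openssl CLI, checks the properties the certificate needs (a subjectAltName identity, a chain back to the CA, the private key bundled alongside), and then imports it into the System keychain with the `security` tool as a command-line alternative to running Keychain Access under sudo. The identity client.example.com, the file names, the PKCS#12 passphrase and the keychain subcommands are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the linked guides.
# Builds a private CA and a client "machine certificate" with the openssl
# CLI, checks the properties the certificate must have, and shows the
# import step into the System keychain. CLIENT_ID, the file names and the
# PKCS#12 passphrase are assumptions: substitute your own values.
set -eu

CLIENT_ID="${CLIENT_ID:-client.example.com}"   # identity the client presents (assumed)
PKI_DIR="${PKI_DIR:-$(mktemp -d)}"              # where keys and certs are written
P12_PASS="${P12_PASS:-changeit}"                # passphrase on the exported bundle

# openssl config with one extension section for the CA and one for the
# machine certificate. The subjectAltName carries the IPsec identity; a
# certificate without it is the usual reason the client refuses to list
# one (assumption based on the linked instructions).
write_openssl_cnf() {
    dir="$1"; id="$2"
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ machine_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
subjectAltName = DNS:$id
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# Self-signed root CA.
make_ca() {
    dir="$1"
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/O=Example VPN/CN=Example VPN Root CA" \
        -config "$dir/openssl.cnf" -extensions ca_ext 2>/dev/null
}

# Machine key + CSR, signed by the CA with the machine_ext section, then
# bundled with its private key as PKCS#12. The keychain needs the private
# key too, which is why the .p12 (not the bare .crt) is what gets imported.
make_machine_cert() {
    dir="$1"; id="$2"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/machine.key" -out "$dir/machine.csr" \
        -subj "/O=Example VPN/CN=$id" -config "$dir/openssl.cnf" 2>/dev/null
    openssl x509 -req -in "$dir/machine.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 730 -sha256 -out "$dir/machine.crt" \
        -extfile "$dir/openssl.cnf" -extensions machine_ext 2>/dev/null
    # SHA1/3DES PBE: the PKCS#12 profile old Keychain Access understands (assumption).
    openssl pkcs12 -export -name "$id" -inkey "$dir/machine.key" -in "$dir/machine.crt" \
        -certfile "$dir/ca.crt" -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -out "$dir/machine.p12" -passout "pass:$P12_PASS"
}

# Checks worth running before touching the keychain.
cert_has_san() { openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"; }
cert_is_ca()   { openssl x509 -in "$1" -noout -text | grep -q "CA:TRUE"; }
verify_chain() { openssl verify -CAfile "$1/ca.crt" "$1/machine.crt" >/dev/null; }

# Import on the Mac OS X client: both commands target the System keychain
# and need root, which matches the sudo advice in the post above. Assumes
# the client's `security` tool supports these subcommands.
import_into_system_keychain() {
    dir="$1"
    [ "$(uname)" = "Darwin" ] || { echo "run this on the Mac OS X client" >&2; return 1; }
    sudo security add-trusted-cert -d -r trustRoot \
        -k /Library/Keychains/System.keychain "$dir/ca.crt"
    sudo security import "$dir/machine.p12" -k /Library/Keychains/System.keychain -P "$P12_PASS"
}

write_openssl_cnf "$PKI_DIR" "$CLIENT_ID"
make_ca "$PKI_DIR"
make_machine_cert "$PKI_DIR" "$CLIENT_ID"
cert_has_san "$PKI_DIR/machine.crt" "$CLIENT_ID"
verify_chain "$PKI_DIR"
echo "machine certificate ready in $PKI_DIR (copy machine.p12 to the client and run import_into_system_keychain)"
```

The generation half runs anywhere openssl is installed; only `import_into_system_keychain` has to run on the client, and it refuses to run elsewhere. Keeping the CA key off the client is deliberate: only ca.crt and machine.p12 need to travel, and the server side gets its own certificate signed the same way with its own identity.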

Dec 3, 2005 1:34 PM in response to aram price

Hi Aram,

I have now found the time to test a VPN setup with certificates again. But even with these new manuals I do not get a working connection. So I am still using "Password" for user authentication and a "Pre-Shared Key" for the machine.

I am using OS X as server and client. I created my own CA on the server (see link above) and created a certificate. This one I imported to the VPN server and chose it in the VPN L2TP settings. I also imported the certificate on the client to the System keychain, as described in the manual.

But my client will ****** not connect!! I restarted racoon manually, I rebooted my machine, I tried it with different domain names, but the result is still NOTHING!

I don't know where to search for errors. The log on the server displays nothing, same on the client log. Who knows more? Please help.

Greetz,
prahn
