Configuring L2TP/IPSec VPN with certificates and RRAS

I'm trying to configure my L2TP/IPSec client to connect to a Windows 2003 RRAS service. My network uses certificates (machine authentication) and I can't use shared secrets.

From the Windows world a certificate is created for my Mac and I add it to the keychain as a "System" cert.

From the Internet Connection dialog I click on L2TP/IPSec VPN and configure the hostname and my login. When I click on the radio button to add a machine certificate I get an error dialog that says no valid certificates can be found.

Has anyone done this successfully?

J

Posted on Aug 23, 2005 12:01 AM


Sep 7, 2005 12:53 PM in response to Jack Valko

Have you added your machine certificate to the X509Anchors Keychain? That is where all the trusted certificates go. If that doesn't work, try adding the certificate authority that created your machine certificate to the X509Anchors keychain and then your machine certificate should be trusted.

I've been working with Apple Engineers on getting L2TP/IPSec working with user certificates without any luck. But this might work for you, since you're using a machine certificate.

Sep 12, 2005 1:07 PM in response to Michael Tennes

I have added the machine certificate to my X509 Anchors. When I attempt to set up the L2TP VPN using certificate auth, I get:

NO MACHINE CERTIFICATES FOUND
Certificate authentication cannot be used because your keychain does not contain any suitable certificates. Use Keychain Access to import the appropriate certificates into your keychain. If you do not have the certificates required for authentication, contact your network administrator.

Sep 13, 2005 5:20 PM in response to Michael Tennes

I've installed a machine certificate using the MS certificate services from Safari, dragged that into the Keychain as an X509Anchor, and I have installed the CA.

No workie.

There are complexities and potential incompatibilities with this setup that are making it unworkable, and most IT admins don't understand certificates anyway (myself included). I'm about ready to declare this doesn't work.

Has anyone done this successfully (using a machine certificate to authenticate against Windows RRAS)?
