Configuring OS X L2TP VPN to use Certificate for IPSEC layer instead of Pre Shared Key

Posted by Matthew Savage on Server Fault See other posts from Server Fault or by Matthew Savage
Published on 2010-05-25T14:33:17Z Indexed on 2010/05/25 14:41 UTC
Read the original article Hit count: 473

Filed under:
|
|
|

I'm trying to setup a L2TP VPN on an OS X Snow Leopard Server setup, and have had success using a pre-shared key, however I would rather not rely on a simple string, and use a certificate instead.

Setting this up on the server side is seemingly easy, you simply select a certificate you have generated from the list, and hit apply, however when I try to use the certificate on the client side it fails.

I have exported the certificate into a P12 file, and then transferred to the client, and imported into the login keychain, however when I try to choose the certificate (from Network preferences, clicking Authentication Settings, then selecting Certificate and pressing Select) I am shown the following error:

No machine certificates found Certificate authentication cannot be used because your keychain does not contain any suitable certificates. Use Keychain Access to import the certificate into your keychain. If you do not have the certificates required for authentication, contact your network administrator.

Unfortunately even when I try to generate a certificate where I override the defaults, ensure the DNS name etc are set properly this doesn't change.

When I select Certificate Authentication for the User Auth, and click Select the certificate for the server shows up there, but obviously this isn't where I need it to be available.

© Server Fault or respective owner

Related posts about vpn

Related posts about macosxserver