After Hours



Configure certificates for an L2TP/IPSec VPN

By aaron ·
Tags: Off Topic
so i used this handy: Configure IT Quick: Configure certificates for an L2TP/IPSec VPN (at

I think i followed the instructions properly, I requested and installed the certificate. Though when i reconfigure windows vpn client to use IPsec, i get an error that says i do not have a certificate.

i might mention that I'm using w2k sbs and XP, so no w2k.

any ideas?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Where did you

by dawgit In reply to Configure certificates fo ...

install the cert? and where did you get it?
Is this an open (as on the internet) VPN or internal network that your VPN is to be carried? I would suggest that for a private VPN, one should use his own certs. (as in make them your self) Keep in mind that the same certs need to be installed on all the computers that can connect to that VPN. -d

Collapse -

I got it from...

by aaron In reply to Where did you

i made the cert. its from an w2k3 sbs from an open VPN. I cant seem to find where it is installed or figure out how to tell if the same cert is installed on both machines. any more advice?

thanks for the reply.

Collapse -

Are you useing the XP as your server monitor?

by dawgit In reply to I got it from...

Or doing your set-up directly on the server? Anyway, go to the sourse, the MSDN Lirary. (then -> win32 and COM Devolopment
-> Security) a good place to get up to speed. link: [ ]
Best for you though to get you where you need to be is (again the MSDN Library) You'll be working in the Cert Manager, found on your system under WINN (or Windows, on the XP machine, and I think the Ser2003 and up) Then open the System 32 folder. You'll find the 'certmgr.exe' there. (it will appear as an icon, of a certificate) Again to guide you through that go to the MSDN Library -> .NET Development -> Previous Versions (don't ask me why it's there) -> Tools and Debugger -> .NET Framework Tools -> Certificate Manager. Link: [ ]
Have Fun, Let me know how you make out. -d

Collapse -

guys...this is a Small Business Server environment

by CG IT In reply to Are you useing the XP as ...

Certificate Services is not normally installed in a Small Business Server by default.

you CAN create web site certificates or install 3rd party web site certificates in IIS, however to use L2TP IPSec in a Small Business Server environment, see this article which applies to L2TP IPSec remote access on Small Business Server 2003. Note using the remote access wizard simplfies the configuration process.

Collapse -

Ok, ok... Good point.

by dawgit In reply to guys...this is a Small Bu ...

I still not sure exactly what it is that he's setting up. My first question was to find out if this is an internal (as in all in one place, office) or external (as in utilizing the big www, maybe for telecommuting). You're right in that it looks like over kill. I have to use such things as certs, to be able to communicate with those that require such. (a must for SSL) Good link BTW, Thanks. -d
(and a thanks for keeping an eye on me. was I getting carried away again?)

Collapse -

no not getting carried away

by CG IT In reply to Ok, ok... Good point.

but Small Business Server isn't like Windows Server 2003 standard. It's setup using wizards and manually configuring stuff can actually break SBS. Example DHCP. DHCP breaks if you try to make a new scope to replace an existing scope manually. Have to rerun the setup wizard and the connect to the internet wizard to fix it.

just like certificate services. it's not installed by default and because Small Business Server runs sharepoint services, you can have web certificates that have nothing to do with L2TP IPSec remote access certificates. On top of that, implementing L2TP IPSec communications on the LAN and WAN can be a problem. Certificate services works but their self signed so for the WAN traffic the certs aren't recognized as safe.

Collapse -

what im trying to do

by aaron In reply to Ok, ok... Good point.

Thanks for all your replies. I will try you advice tomorrow. Just to let you know. I'm trying to share network resources cross continent. There is a dc running w2k on site A and a DC running w2k3 on site B. I'd like to be able to share folders, etc securely via the Internet.

Thanks again so much for all your helpful and timely replies.

Collapse -

Small Business Server 2003

by CG IT In reply to what im trying to do

best way to do this is on a Small Business Server 2003 is RWW or simply VPN using the remote connection client program. An even better way is to publish the internal Company Web via https.

L2TP IPSec over VPN, though really secure would be a bear to administer on SBS network.

Collapse -

visit Technet

by CG IT In reply to Configure certificates fo ...

If this is on a Small Business Server network, visit Microsoft Technet for for installing certificate services in a SBS environment and using L2TP during remote Access. .

Related Discussions

Related Forums