
Astaro 8.3.0.9. L2TP + Windows CA Problem

Hello everybody,

My problem is perhaps simple. I've successfully configured L2TP over IPSec with Preshared Key and User RADIUS Authentication.

Now I want to use certificates to authenticate clients instead of a Preshared Key. So I installed my AD CA as verification CA and changed Authentication Mode to X509 CA check and Certificate to Client Certification Certificate.

If I try to connect, it doesn't work. The Astaro has a problem fetching the CRL or the status of the certificate from the client. Here is my log:

"D_for admin"[4] 2.202.107.161 #75: responding to Main Mode from unknown peer 2.202.107.161
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #75: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #75: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #74: Peer ID is ID_FQDN: '....'
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #74: crl not found
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #74: certificate status unknown
2013:05:22-15:30:40 hostname pluto[3452]: fetching crl from 'http://..../CertEnroll/.....crl' ...
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #74: we have a cert and are sending it
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 2.202.107.161 #74: sent MR3, ISAKMP SA established
2013:05:22-15:30:40 hostname pluto[3452]: fetching crl from 'ldap:///CN=...,CN=...,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=...,DC=...?certificateRevocationList?base?objectClass=cRLDistributionPoint' ...
2013:05:22-15:30:40 hostname pluto[3452]: LDAP bind to 'ldap:///CN=....,CN=....,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=....,DC=....?certificateRevocationList?base?objectClass=cRLDistributionPoint' failed: Can't contact LDAP server
2013:05:22-15:30:40 hostname pluto[3452]: crl fetching failed 


If I try to connect to the CRL via IE or Firefox, it works and I can download the CRL. LDAP connect works too.
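
Added example, not part of the original post: a small triage script for pluto log lines in the format shown above. It lists each CRL distribution point the gateway tried, records any LDAP bind error, and flags `ldap:///` URIs that name no server, which a client can only use if it can locate a directory server on its own. The sample log is constructed; its hostnames, DNs and IP address are placeholders, and the function and variable names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the pluto log format from the post; all names are placeholders.
SAMPLE_LOG = """\
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 192.0.2.10 #74: crl not found
2013:05:22-15:30:40 hostname pluto[3452]: "D_for admin"[4] 192.0.2.10 #74: certificate status unknown
2013:05:22-15:30:40 hostname pluto[3452]: fetching crl from 'http://ca.example.test/CertEnroll/Example-CA.crl' ...
2013:05:22-15:30:40 hostname pluto[3452]: fetching crl from 'ldap:///CN=Example-CA,CN=ca,CN=CDP,DC=example,DC=test?certificateRevocationList?base?objectClass=cRLDistributionPoint' ...
2013:05:22-15:30:40 hostname pluto[3452]: LDAP bind to 'ldap:///CN=Example-CA,CN=ca,CN=CDP,DC=example,DC=test?certificateRevocationList?base?objectClass=cRLDistributionPoint' failed: Can't contact LDAP server
2013:05:22-15:30:40 hostname pluto[3452]: crl fetching failed
"""

FETCH = re.compile(r"fetching crl from '([^']+)'")
BIND_FAIL = re.compile(r"LDAP bind to '([^']+)' failed: (.+)$")


def _record(attempts, uri):
    """Return the record for a CDP URI, creating it on first sight."""
    if uri not in attempts:
        parts = urlsplit(uri)
        attempts[uri] = {"uri": uri, "scheme": parts.scheme,
                         "host": parts.hostname, "error": None}
    return attempts[uri]


def analyze_crl_fetch(log_text):
    """Summarise CRL retrieval attempts and failures found in pluto log text."""
    attempts = {}  # uri -> record, kept in order of first appearance
    summary = {"status_unknown": False, "fetch_failed": False}
    for line in log_text.splitlines():
        if "certificate status unknown" in line:
            summary["status_unknown"] = True
        if "crl fetching failed" in line:
            summary["fetch_failed"] = True
        fetch = FETCH.search(line)
        if fetch:
            _record(attempts, fetch.group(1))
        bind = BIND_FAIL.search(line)
        if bind:
            _record(attempts, bind.group(1))["error"] = bind.group(2).strip()
    summary["attempts"] = list(attempts.values())
    # LDAP CDPs with an empty host part: the URI itself names no server to contact.
    summary["hostless_ldap"] = [a["uri"] for a in summary["attempts"]
                                if a["scheme"] == "ldap" and not a["host"]]
    return summary
```
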

