Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2280 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Win7 & multiple L2TP/IPSec VPNs

utmfan
So I'm trying to configure multiple VPNs on a Windows 7 machine using L2TP, and it would appear that you cannot use more than one "Personal Certificate" to identify the user, as Windows doesn't have any way of selecting the correct user certificate. Having multiple trusted root authorities is not a problem, though. 

With that in mind, I was wondering if it would be possible to replicate the user certificate across multiple UTMs? I have tried downloading and uploading the certificates through "Certificate Management" in web admin, but so far without any success. Can anyone give me some pointers?


This thread was automatically locked due to age.
Parents
  • 0
    I wonder if you don't also need to use the same "Local X509 Cert" in the L2TP/IPsec definitions.  That would require importing the cert+CA from your first unit into the others with a different name and then selecting it in L2TP/IPsec.

    Did that do it?

    Cheers - Bob
    PS Hopefully, d12fk or one of the other VPN ninjas will come here and comment.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I wonder if you don't also need to use the same "Local X509 Cert" in the L2TP/IPsec definitions.  That would require importing the cert+CA from your first unit into the others with a different name and then selecting it in L2TP/IPsec.

    Did that do it?

    Cheers - Bob
    PS Hopefully, d12fk or one of the other VPN ninjas will come here and comment.


    Got around to trying this: no go either.  I suspect because the Local X509 has a different FQDN that it isn't going to be happy importing a certificate from another UTM.  I just get the same 789 error from Windows.  

    This is really annoying.  Why wouldn't you want to use multiple certificates in your VPN profiles?  It seems like a silly oversight on Microsoft's part.  Or perhaps I'm missing a configuration step somewhere that lets you specify which certificate to use...
Reply
  • 0 in reply to BAlfson
    I wonder if you don't also need to use the same "Local X509 Cert" in the L2TP/IPsec definitions.  That would require importing the cert+CA from your first unit into the others with a different name and then selecting it in L2TP/IPsec.

    Did that do it?

    Cheers - Bob
    PS Hopefully, d12fk or one of the other VPN ninjas will come here and comment.


    Got around to trying this: no go either.  I suspect because the Local X509 has a different FQDN that it isn't going to be happy importing a certificate from another UTM.  I just get the same 789 error from Windows.  

    This is really annoying.  Why wouldn't you want to use multiple certificates in your VPN profiles?  It seems like a silly oversight on Microsoft's part.  Or perhaps I'm missing a configuration step somewhere that lets you specify which certificate to use...
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML