SSL certificate causes VPN connection error

iis-7.5 ssl vpn

Everyone!
My problem – when I create an SSL certificate (using selfssl7 or the IIS management console), my VPN connection (L2TP with certificate authentication) will not come up (I get error 789). I have to delete this certificate for the connection to work again.
I wonder if I am doing something wrong; here is my selfssl command line:
selfssl7 /Q /T /I /S "site name" /N cn=localhost

I am creating the certificate and having trouble on the same machine, which connects to the ISP's VPN server. Sorry if my question made you think otherwise.

Best Answer

The certificate you install on the server side has to be trusted by the client. Since you generated a self-signed certificate, you should copy the certificate to the clients, import it, and mark it as trusted. If your clients are mobile (i.e. laptops), then when they are at the office you can have a GPO push the certificate automatically; if they are not mobile and not local, you can use remote enrollment or offline enrollment. Hope this helps, but if not... you should consider reading an overview and client L2TP/IPsec config before spending much more time playing around.