List:       linux-ipsec
Subject:    [Users] Strange behaviour with Sentinel clients on windows xp
From:       Joe Haynes <jhaynes () terrafirmasolutions ! com>
Date:       2003-06-30 23:45:22

This is a bit off topic so I apologize. But I'm wondering
if any of you have experienced this strange behavior
with SSH Sentinel clients (to FreeSwan).

We use sentinel 1.4 as clients to our Freeswan 1.99 server and use X.509
certificates to authenticate remote users. We recently updated our
certificate of authority (the last one expired) so we recreated 
certificates for our remote users based on the new CA. 

We imported all the new certificates and all of the clients work
correctly except for the clients on windows xp. Actually, clients
on windows xp work right after the new certificate is imported. 
But after the user turns off the machine and turns it back on,
SSH Sentinel forgets the certificate for the freeswan gateway
and the authentication fails. 

I've been fixing this by having the users re-run the diagnostics
in the policy editor screen. When they run diagnostics, sentinel asks
if the remote certificate (sent by freeswan) is okay to accept
for future connections. The users click 'Yes' and from that 
point on the authentication proceeds normally (at least
until the user powers the machine off and on). 

My initial thought was Sentinel is not storing the remote freeswan
certificate or is failing to compare the remote certificate correctly 
against the new certificate of authority. But this information is
retained if the user restarts the system (Start - Turn off computer
- restart) or if windows xp is logged into using a different
username.

Has anyone experienced anything like this?


Thank you,

Joe Haynes
Helena, Montana  



_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users