On Wed, May 16, 2012 at 10:00 PM, Peter J. Philipp <p...@centroid.eu> wrote:
> On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote:
>> 4) Install the server certificate on the server:
>>
>> ikectl ca vpn certificate 10.1.0.1 install
>>
>> 5) To export the client certificate in a ZIP'ed PFX format, you need
>> to install zip utility (pkg_add -i zip).
>>
>> ikectl ca vpn certificate 10.5.0.1 export
>>
>
> Does the .tgz file need to be extracted at all on the server?

On the server? No. For the server certificate you just do the "install".

> I've tried
> and tried for too long and my certificates are out of sync I think, is there
> a command to delete everything and just keep the original blank iked structure
> so that one can start over without old certificates in the way?
>

I guess you can do "ikectl ca vpn delete" and that should remove most
of the stuff that gets in the way.

>> 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
>> by double-clicking on them. Make sure that certificates are valid
>> in the MMC Certificates Snap-In.
>
> This gave me a huge headache. I tried using MMC (as administrator and other
> user) but my VPN client stayed at 13806 error. Perhaps VPN wasn't meant for
> people like me.
>

As Pavel described, you shouldn't double-click as I said because then
Windows will install it to the user certificates. Quoting Pavel:
"MMC and the local computer account switch should be used instead."
I believe he refers to the Certificates snap-in. It asks you this
question when you add it to the MMC.