Re: Re: I need host to lan how to…



@hack2003 wrote:

I'm using Zeroshell as my router because my modem (ECI 312+) is getting stuck in router mode.
And I want to use its host-to-LAN VPN feature, but I don't know a thing about what certification to export and how to import it on Windows XP Pro.
I don't know if my VPN connection settings are OK and if my certification is fine.

So my steps were like this. (I have Windows in Hebrew and I googled the net for some manuals about those things, and now I'm writing so I know the steps but can't remember the tabs and other stuff in English, so sorry.)
Got into X.509 CA, opened Setup and configured my own settings such as name, Validity, country, state, Organization and E-Mail Address, then I pressed generate.
The if bla bla was there and I pressed the OK button.
Then I got into users>groups and added a group named VPN with gid as 65555.
Got into users>users>add> set name, password, group gid as VPN, first and last name; the Kerberos 5, host-to-lan and the 802.x were marked, then pressed submit.
A screen of certification thing appears, then I generated a pfx certification.

Now I added the certification in two ways to my computer. (Notice that I have only one user on my computer.)
The first is double click on the file, then by the wizard next>next>next>next>finish.
Then using mmc>add snap in>add>certification>computer account>next>finish>close>ok>expand the certification thing>personal>certifications>right click>all task>import>next>choose the generated file>next>next with no password>marking choose automatically…>next>finish>ok>file>exit>save file as console1 on my g drive and ok.

On the client side opened port number 1701 in the firewall.
Making a new connection in Windows XP.
New connection>next>connect to my work bla bla>vpn>company name as vpn>next>the server ip number>next>finish.
The connection properties>security>mark advanced>settings>use ms-chap v2>ok>network something>vpn type as l2tp>ok.
In the user name I'm writing my user as “elico”
and my password.
Then connect.
Now I'm getting a 792 error, something with security.

Am I wrong in anything?


For zeroshell CA configurations please use documentation link on the main page.

I will assume you did everything correctly with the Zeroshell CA and exported your host certificate (pkcs #12, der or pem file) to your remote computer (example: hostname.pfx), and now you want to configure a Windows XP or Vista computer.
_______Part 1 of 4_______
Log on to an Administrator account and use Run. Type “MMC” and when the console opens, click File-Add/Remove Snap-in.

Click Add-Certificates-Add-“Computer Account”
Click Next-Local Computer-Finish

Once again,
Click Add-Certificates-Add-“Service Account”
Click Next-Local Computer-Next-IPSEC Services-Finish

Click OK, Expand “Certificates(Local Computer)”
Right Click Personal-All Tasks-Import…-“hostname.pfx“-Next-Next-Automatically Select Certificate Store-Next-Finish

Expand “Certificates(Local Computer)”-Personal-Certificates
Now you should see your “hostname
_______Part 2 of 4_______

Click OK, Expand “Certificates – Service (IPSEC Services) on Local Computer”
Right Click PolicyAgentPersonal-All Tasks-Import…-“hostname.pfx“-Next-Next-Automatically Select Certificate Store-Next-Finish

Expand “Certificates – Service (IPSEC Services) on Local Computer”-PolicyAgentPersonal-Certificates
Now you should see your “hostname
_______Part 3 of 4_______

Last detail you need to import is the Trusted Root Certification Authorities or your “Zeroshell CA”.

Easy method is to:
Export the der or pem file from your Zeroshell CA to your computer (Zeroshell_CA.der)

Expand “Certificates(Local Computer)”
Right Click Trusted Root Certification Authorities-Certificates-All Tasks-Import…-“Zeroshell_CA.der“-Next-Next-Place all certificates in the following store-Trusted Root Certification Authorities-Next-Finish

Expand “Certificates(Local Computer)”-Trusted Root Certification Authorities-Certificates
Now you should see your “Zeroshell_CA
_______Part 4 of 4_______

You should see the hostname of your computer in 2 places,
Certificates(Local Computer)-Personal-Certificates
Certificates – Service (IPSEC Services) on Local Computer-PolicyAgentPersonal-Certificates

You should see the Zeroshell_CA in 2 places
Certificates (Local Computer)-Trusted Root Certification Authorities-Certificates
Certificates – Service (IPSEC Services) on Local Computer-PolicyAgentTrusted Root Certification Authorities-Certificates

Note: When you add the Zeroshell_CA to the Certificates(Local Computer) it gets added by default to Certificates – Service (IPSEC Services) but if it doesn’t you need to manually add it like we did with the other one.

Note: After completing these steps you can create a VPN connectoid for Windows Vista & Windows XP with the default settings. In the Networking tab you should select L2TP IPSec VPN. Under Security use Typical (recommended settings) with the checkbox Require data encryption (disconnect if none).
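
A pre-import check for the two exported files, added here as an example and not part of either post above: it confirms that hostname.pfx opens with the given password, carries a private key, and holds a certificate issued by the CA in Zeroshell_CA.der. It assumes the openssl command-line tool is available on some machine holding the files; the function names, return codes and the throwaway sample CA are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). File names follow the post; the function
# names and return codes are hypothetical. Requires the openssl CLI.

# check_export PFX CA_DER [PASSWORD]
# Returns 0 when the bundle is fit for L2TP/IPsec machine authentication.
check_export() {
    pfx=$1; ca_der=$2; pw=${3:-}
    tmp=$(mktemp -d) || return 2
    rc=0
    if ! openssl x509 -inform der -in "$ca_der" -out "$tmp/ca.pem" 2>/dev/null; then
        rc=3   # CA file cannot be parsed as a certificate
    elif ! openssl pkcs12 -in "$pfx" -passin "pass:$pw" -noout 2>/dev/null; then
        rc=4   # not a PKCS#12 file, or wrong password
    elif ! openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nocerts -nodes 2>/dev/null \
            | grep -q 'PRIVATE KEY'; then
        rc=5   # certificate-only bundle: IPsec has no key to sign with
    elif ! openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nokeys -clcerts 2>/dev/null \
            | openssl x509 -out "$tmp/host.pem" 2>/dev/null; then
        rc=6   # no certificate paired with the private key
    elif ! openssl verify -CAfile "$tmp/ca.pem" "$tmp/host.pem" >/dev/null 2>&1; then
        rc=7   # host certificate was not issued by this CA
    fi
    rm -rf "$tmp"
    return $rc
}

# make_sample DIR: constructed throwaway CA and host certificate for a dry run.
make_sample() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj '/CN=Sample CA' \
        -days 2 -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl x509 -in "$d/ca.pem" -outform der -out "$d/Zeroshell_CA.der" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj '/CN=hostname' \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/host.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/host.key" -in "$d/host.pem" -passout pass: \
        -out "$d/hostname.pfx"
}
```

Run as `check_export hostname.pfx Zeroshell_CA.der` (add the export password as a third argument if one was set); any non-zero return code points at the file to re-export before repeating the MMC import.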