This project is read-only.

LT2P/IPSec parameters not availables [SOLVED]

Jun 14, 2013 at 3:01 PM
Edited Jun 14, 2013 at 3:02 PM
Hi,

I can't fiind anywhere the LT2P/Ipsec advanced settings to setup a new entry.

To check the certificate and uncheck the verify option.

Could you help me please

Regards

Eric

Image
Jun 14, 2013 at 3:16 PM
Hi,

I have the same UseCase (L2TP with Preshared Secret).
Here is the code:
                _entry = RasEntry.CreateVpnEntry(ConnectionName, Hostname, RasVpnStrategy.L2tpOnly, RasDevice.GetDeviceByName("(L2TP)", RasDeviceType.Vpn));
                _entry.Options.UsePreSharedKey = true;
                this._phonebook.Entries.Add(_entry);
                _entry.UpdateCredentials(RasPreSharedKey.Client, PSK);
Important is the UsePreSharedKey-Option and the UpdateCredentials().

Hope it help

Greetz
Jun 14, 2013 at 3:35 PM
Thank for your response,

but i don't use preshared key, only certificate with no verification (then i uncheck the preshared option).

i've seen reference to some ExtendedOptions in older posts, but impossible to find any reference in the dll explorer.

Eric
Jun 15, 2013 at 3:04 AM
Unfortunately since I don't have access to any certificate based VPN servers, I can't test any of this part of DotRas. I'd assume that it works though, since I know people are already using it with them.

As far as your certificate setting, I'd think it has something to do with the entry.Options.RequireMachineCertificates property that was made available in Windows 7, but I can't be certain. If I try and set it, it tells me there are conflicting settings on my entry I'm toying with. I can't be certain whether it's due to a non-existent certificate, or if there really is a configuration setting I've got flipped that shouldn't be.

That'd be the first place I'd start looking. That particular setting ties to the RASEO2_RequireMachineCertificates flag found in Ras.h included in the Windows SDK.
Jun 17, 2013 at 8:41 AM
Edited Jun 17, 2013 at 8:41 AM
OK, found it!

If the UsePresharedKey is false, the "Use certificate" is validated automatically (exclusive options).

The "Verify Name & Usage" is the DisableIkeNameEkuCheck.

Thanks & regards

Eric
Jun 18, 2013 at 1:19 AM
Thank you for letting me know, I'll get it noted in the documentation.