ikev2 _ MachineCerts question

Jul 19, 2011 at 11:49 AM
Edited Jul 19, 2011 at 11:54 AM

Hi there,

firstly , what a pleasure to work with the DotRas SDK! Keep up the good work!

I want to ask how I can connect to our IkeV2 VPN endpoint using dotras. So far I can create the RasEntry about 80% of what I need:

RasEntry entry = RasEntry.CreateVpnEntry("Edge2", "192.168.1.1", RasVpnStrategy.IkeV2Only, RasDevice.GetDeviceByName("IKEv2", RasDeviceType.Vpn),true); 
entry.EncryptionType = RasEncryptionType.Require;
----
I need to use machine certs on the windows 7 PC. I've seen the following  in the sdk docs:

  // RasIkeV2AuthenticationType ikeType = RasIkeV2AuthenticationType.X509Certificate

 Question is, how to i hook this in ?

----

If I add the following line in code : (and try to create the entry)

   entry.Options.RequireMachineCertificates = true;

  I get this exception:

'entry' contains invalid or conflicting settings. Please verify the settings are correct and try again.
Parameter name: entry

---

If I dial a manually (windows) created entry, then I can dial it with the SDK. But if I create one in code, I get this exception:

Exception of type 'DotRas.RasDialException' was thrown.

 (The only visible properties is the "Use Macince Certificates" option,

 

 Thanks for the help!

 

Jul 19, 2011 at 12:39 PM

ah .. got it going - sorry for the noob question... I just had to also make eap false, like this:

 

entry.Options.RequireMachineCertificates = true;
entry.Options.RequireEap = false;

 

Thanks for listening :-()

Coordinator
Jul 19, 2011 at 2:09 PM

Many of the different configurations available haven't been identified simply because I don't have the hardware or infrastructure necessary to host all the different VPN types. The one thing I consistently tell people when they're creating connection entries is to create the entry using the Windows create entry wizard and then inspect it in code once you have it working. You'll be able to see all the different flags that were flipped for the entry to work correctly.

Some of the names of the options don't make much sense simply because I kept them consistent with the flag names used by Windows. I did this so there'd be an easy migration path for anyone that wanted to convert their interop code to letting DotRas handle it for them.

Glad to see you're enjoying working with the SDK. If you have any thoughts on how I can make it easier to get started with, I'm more than open to suggestions!

Jeff