In this paper we will use XCA to configure the PKI part needed for L2TP/IPsec VPN connections using certificates for IKE main mode authentication.
With XCA you can create a CA, sign server and client certificates, revoke server or client certificates, create a CRL, etc.; all from a GUI.
So you can view and manage your L2TP/IPsec PKI with ease.
The certificates and their corresponding private keys are stored in a database that you can keep in a safe place and access when needed.
This PKI was tested using:
- as L2TP/IPsec VPN servers: Forefront TMG 2010 and Vyatta Core 6.2
- as L2TP/IPsec VPN clients: Windows XP SP3/Vista SP2/7 SP1 and Mac OS X 10.6.7