[vpn-help] Using certificates with Draytek router: Does it work?

Stefano Ferrante ferranteposta-public at yahoo.it
Fri Dec 24 14:10:19 CST 2010


Merry Xmas to all.

I am trying to set up a VPN tunnel with the Shrew VPN client to a Draytek Vigor 2955 using self-signed certificates, but it doesn't seem to work.

Scenario:
Mobile laptop with Ubuntu 10.10 OS installed, connecting to the internet via an HTC Desire tethered phone.

I have been able to successfully establish a VPN connection using preshared keys but cannot do the same using certificates (openssl generated ones).

I created a CA and installed its public key as root on the Vigor.
I used the Vigor's interface to generate a certificate signing request, which I copied to the laptop, signed, and transferred back to the Vigor as a local certificate.

The Draytek's web interface shows a "successfully imported" certificate status for both the Trusted root CA and the local certificate.

Then I generated a new certificate on the laptop and used it with Shrew as the local certificate.

Then I started syslog monitoring on the Vigor, but it does not show any sign of connection attempts from the VPN client, and the status of the client remains on "connecting" until the negotiation timeout occurs.

I also set up an IPsec peer identity on the Vigor, together with a dial-in account.

Has anyone been able to use an X509 connection with Shrew to a Draytek router?

The only available document on the web is written in German but refers to preshared keys, as indicated on the Shrewsoft website.

Can anyone help, please?

Stefano


      


