[Swan] Key pair generation failed: "-8037"

Greg Scott GregScott at infrasupport.com
Fri Jun 28 13:53:19 EEST 2013


> Wouldn't
> http://vouters.dyndns.org/tima/Linux-Shrew-VPN-Client-Setting_an_Intranet_VPN_with_Windows_Seven-Part_2.html
> help you ?

Thanks Philippe - 

Looking that over right now.  So instead of doing RSA keys, do self-signed certificates instead.  

In my case with today's problem, I don't have a road warrior, but 2 fixed sites.  So if I were to go the certificate route, I am guessing I would need to do the server CA stuff on both sides.   How does the right side know about the left side's certificates?  Left sends a self-signed cert to right, and right somehow trusts left as a certificate authority.  So what's the sense in exchanging certificates?  Left says, "My name is Left and here is my certificate.  You can ask our mutually trusted Certificate Authority to verify what I say is true.  By the way, that's me.  So go ahead and ask me as a trusted third party if the certificate I send you to let me in the club is good."   Seems kind of like the fox guarding the chicken coop.  

My other concern is, this looks like a complex solution to what should be a simple problem.  The RSA keys I've used for the past 10+ years just work and I am hoping to still deliver this upgrade sometime today.

But the road warrior piece you put together is tantalizing.  I've been using PPTP for road warriors for a long time, but PPTP has lots of problems.  One big problem is, support at hotels and other places is pretty much useless.  The piece I'm missing in your document is what do I set up on the Windows 7 road warrior to make all this work?  But this is a topic for another day.

- Greg

