<div>Hello,</div>
<div> </div>
<div>Thank you for your warning for the secret keys but since I use them in my totally insulated test LAN, there won't be any harm or issue regarding security.</div>
<div> </div>
<div>Actually those error messages in ipsec.secrets file were there before but I noticed them recently and thought they might have a role for unsuccessful connection. I added rekey=no to conn roadwarrior in ipsec.conf and moved
</div>
<div>: RSA host.example.com.key "XXXXXXXX" </div>
<div> </div>
<div>line at the beginning of the ipsec.secrets file.<br><br>After those changes, I still don't have the VPN connection.</div>
<div>The point that I don't understand is that according to windows everything is alright. It shows at the even viewer that SAs are established. </div>
<div> </div>
<div>I gotta do a lot of reading this weekend to figure out this issue. I will write back again.</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>Best Regards</div>
<div> </div>
<div>Can Akalin<br><br> </div>
<div><span class="gmail_quote">On 3/17/06, <b class="gmail_sendername">Paul Wouters</b> <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Fri, 17 Mar 2006, Can Akalin wrote:<br><br>> But as you can see below, the linux log file at /var/log/messages gave some
<br>> errors. It seems that there is something wrong with the line 21 and 25 of<br>> the /etc/ipsec.secrets file. I copied the ipsec.secrets file below. In case<br>> it helps, I also posted the /etc/ipsec.conf as well.
<br><br>Oh. those werent in the logs before?<br><br>> malformed end of RSA private key -- indented '}' required<br>><br>> Mar 17 15:41:08 linuxserver pluto[6715]: ERROR "/etc/ipsec.secrets" line 21:<br>
> index "}" illegal (non-DNS-name) character in name<br><br>Looks like a missing quote or something.<br><br>> # with "ipsec showhostkey".<br>> : RSA {<br>> # RSA 2048 bits linuxserver Mon Mar 13 10:54:17 2006
<br>> # for signatures only, UNSAFE FOR ENCRYPTION<br>> #pubkey=0sAQO1BQlk3q4J5+6gd/17HH3Osm9oOs6YPUiFTPfnHwBmI/O0/dAHruDB6ZQwvN0CIBXXavCFlOaO4nCabM0czn9J+COhYG0DDUn43ERPUN+bKWM6c5OpsIo0KfXNQlILetSLPRlzqYxz8Cu337mL/i8W8sazEVkl04g3dB3ORx6/CaQHfVtRvC02hMo06tT8QEU3osdnbRtWQWjcUDC/4SAeb1VjCbzDPvnvmLONRfPSePrxJdKm1upRnNVGbJNWeqpW56EbuYeFKlTYj7/pOSAFrJtKHeL02JS1hbqKxsyKQ2Hch5S7m2YErRmgZGPciXUGna/9s6tt4oI+m5eQl2+1
<br>> Modulus:<br>> 0xb5050964deae09e7eea077fd7b1c7dceb26f683ace983d48854cf7e71f006623f3b4fdd007aee0c1e99430bcdd022015d76af08594e68ee2709a6ccd1cce7f49f823a1606d030d49f8dc444f50df9b29633a7393a9b08a3429f5cd42520b7ad48b3d1973a98c73f02bb7dfb98bfe2f16f2c6b3115925d38837741dce471ebf09a4077d5b51bc2d3684ca34ead4fc404537a2c7676d1b564168dc5030bfe1201e6f556309bcc33ef9ef98b38d45f3d278faf125d2a6d6ea519cd5466c93567aaa56e7a11bb987852a54d88fbfe9392005ac9b4a1de2f4d894b585ba8ac6cc8a4361dc8794bb9b6604ad19a06463dc8975069daffdb3ab6de2823e9b9790976fb5
<br>> PublicExponent: 0x03<br>> # everything after this point is secret<br>> PrivateExponent:<br>> 0x1e2b8190cfc7ac51527013ff9484bfa27312915f226eb4e16b8cd3fbda801105fdf37fa2abf27acafc435d74cf805aae4e91d2c0ee266d25bd6f12222f77bfe1a95b4590122b2ce1a97a0b628d7a99dc3b3468989c481708b1a8f78b0dac9478c1df843df19768a807494ff441ffb283d3211dd839864dec093e04f7b6851fd6a8d200582e20d30fe844190baa83b3c9fdb8bd70e074568e7b539d9bb6a691799c6b05589345d4c57cfdadb6d82343da477e3c6e545ee149c3e4266b43b66e424e30c9dbc050b014afac259db7b91804432d12a4716f98759d15215d12486bd686a865c4871cb27f14ef69e6c23715fc3893843768dab201f61ff080e5d89e2b
<br>> Prime1:<br>> 0xe29d68594c89a3ffd246a569d0f0636fc538ec281faa0dab9694008f3b6555feb97ce3e66e8195016b5128460c54aa00d4002bd82e17f2016f6631d794ec755fbea2ff8fc38a1b214d87f811cdd3f37de82c96d00a444d48bb922950f1e36f3b291d85a90638ba6a4869d6170c991bdf7cfe35df93985b823a8289e91ffcde41
<br>> Prime2:<br>> 0xcc7e12f0f06d96d740eaf93b04f5a61980156a9a0ab7413eee529dfb3c9461460b565f0fda9ead57965578fe28cb915a79fb8f647e85b09596162e1168236fbcc31fe6657419498ce947b5fbcd0e9c6e316043733012f88a4b74c90b6736940110cc9f508ab67c9fe7134ee4c9f8e9ac362a60d1aaf2e65482fc6ea90d86dc75
<br>> Exponent1:<br>> 0x97139ae633066d5536d9c39be0a0424a837b481abfc6b3c7b9b8005f7cee39547ba897eef4566356478b702eb2e31c008d5572901ebaa1564a44213a63484e3fd46caa5fd7b1676b8905500bde8d4cfe9ac8648ab182de307d0c1b8b4becf4d21b6903c60425d19c30468eba08661294fdfece950d103d017c57069b6aa8942b
<br>> Exponent2:<br>> 0x88540ca0a0490f3a2b4750d2034e6ebbaab8f1bc0724d629f43713fcd30d962eb23994b53c69c8e50ee3a5fec5dd0b91a6a7b4eda9ae75b90eb9740b9ac24a7dd76a9998f810dbb3462fcea7de09bd9ecb95824ccab7505c324ddb5cef79b800b5ddbf8b0724531544b789eddbfb4672cec6eb3671f744385752f470b3af3da3
<br>> Coefficient:<br>> 0x2d291976cf82e845bf708e8c4b0ac5fcaa8f954c47be1410e6c8ea6fb2ed5651df0d054b97d2ad83bfa87383c8ffd607b3072266bbceaaea9647a1bb55499b2a17b7d34ff76e92210fffba811cca9988d43c9b8448376e5d97ca47714247250d093edf726ce8aa9dc1a5b7b3b66d0e938669d4ca935f40af8c4b9b441c148661
<br>> }<br><br>Note that now you have published your secret key, you should delete it and not use it. I don't think you are using<br>it (It is only used for openswan-openswan in raw key mode). but please delete this part.
<br><br>> # do not change the indenting of that "}"<br>><br>> : RSA host.example.com.key "123ABC"<br><br>Put this line at the first line in your ipsec.secrets.<br>And also here, you should probably change the password of your key, since you just mailed it to all of us.
<br><br>> conn roadwarrior-net<br>> leftsubnet=<a href="http://10.10.10.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "10.10.10.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 10.10.10.0/24</a><br>> also=roadwarrior<br>><br>> conn roadwarrior<br>> left=%defaultroute<br>> leftcert=host.example.com.pem
<br>> right=%any<br>> rightsubnet=vhost:%no,%priv<br>> auto=add<br>> pfs=yes<br><br>btw you need to add rekey=no to conn roadwarrior.<br><br>Paul<br>--<br>Building and integrating Virtual Private Networks with Openswan:
<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br></blockquote></div><br>