Oops! Skipping breakfast was a bad idea. I mistakenly edited my local ipsec.config (I am SSHing into the other two Linux machines from a third Red Hat machine). After moving to the right machine and the right config file I am able to move ahead, but I get two different error messages when I --up the ipsec connection:<div>
<br></div><div>Ubuntu (192.168.101.1): signature check (192.168.101.2) failed (wrong key) tried AQ-----</div><div>Red Hat machine (192.168.101.2): <span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; ">Can't find the private key from the NSS CERT (err -12285)</span><br>
<div><br></div><div>Now I am not sure which side is the culprit, or whether both errors are genuine. Any pointers?</div><div><br></div><div>-SP</div><div><br><div class="gmail_quote">On Mon, Sep 26, 2011 at 8:50 AM, satpal parmar <span dir="ltr">&lt;<a href="mailto:systems.satpal@gmail.com">systems.satpal@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi All<div><br><div><div>I am testing IPsec host-to-host communication. Things went fine when I was running with pre-shared keys and I was able to build the tunnel. I concluded that this means Pluto is running fine, my kernel/Pluto config is OK and things are running in sync. </div>
<div><br></div><div>However, when I switched to RSA things are not working as smoothly. I found my ipsec.secrets key empty on the Ubuntu side. When I try to run ipsec newhostkey --output /etc/ipsec.secrets I get a '--confdir required' error message. I tried to create a new NSS database using certutil, which failed complaining 'could not authenticate token 'NSS certification DB'', which I am not sure I understood. </div>
<div><br></div><div>Finally I was able to create keys using: --configdir /etc/pki/nssdb. </div><div><br></div><div>Now I have an RSA sig in both sides' ipsec.secrets and a minimal config (leftip, leftsidesig, rightip, rightsidesig), but when I up the connection I get 'we cannot identify ourselves with either end of this connection' on the Ubuntu side and a retransmission failure message on the Red Hat side (which I think is OK, as the Ubuntu side failed to respond). </div>
</div><div><br></div><div>I am looking for a minimal checklist to confirm my setup/conf is right. I find the error messages from Openswan config and setup are not very explicit, and for every error message I have to google and filter lots of old and new config data. Though I am currently focused on running RSA in one go, I will try to document all the issues I got and how I resolved them and post it here someday.</div>
<div><br></div><div>I request you to share your latest tryst with running Openswan on any Linux distro. Last but not least, do let me know how to debug/proceed from the 'we cannot identify ourselves with either end of this connection' situation. </div>
<div><br></div><div>Thanks in advance.</div><div><br></div><div>-SP</div><div><br></div><div>===============================================================</div><div><div>My Setup:</div><div><br></div><div>Ubuntu 10 / Openswan 2.6.23 &lt;--------------------------------&gt; Red Hat 5 / Openswan 2.6.21</div>
</div><div><br></div></div>
</blockquote></div><br></div></div>
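<div>The thread above asks for a minimal checklist for an Openswan host-to-host RSA setup. The script below is an added example, not code from the original posts or from the Openswan project. It checks offline what you would otherwise verify by hand with <code>ipsec showhostkey --left</code> / <code>--right</code> on each host: that each host's own public key (the <code>#pubkey=</code> line <code>ipsec newhostkey</code> writes into ipsec.secrets) equals the <code>leftrsasigkey=</code> / <code>rightrsasigkey=</code> entry that names that host in both hosts' ipsec.conf, and that each host's address actually appears as <code>left=</code> or <code>right=</code> (if it does not, Pluto reports "we cannot identify ourselves with either end of this connection"). A stale copy of the peer's key on one side is what produces "signature check ... failed (wrong key)" on that side. The file contents, addresses and key strings in the demo are constructed for the example and are not real keys.</div>

```shell
#!/bin/sh
# Added example (not from the original thread): offline consistency check for
# an Openswan host-to-host RSA connection. All sample files are constructed.

# conf_value FILE KEY -> value of "KEY=value" in an ipsec.conf (first match)
conf_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | head -n 1
}

# secrets_pubkey FILE -> value of the "#pubkey=..." line in ipsec.secrets
secrets_pubkey() {
    sed -n 's/^[[:space:]]*#pubkey=//p' "$1" | head -n 1
}

# which_side CONF IP -> prints "left" or "right" for the end that is us.
# Returns 1 if neither address matches: the condition behind Pluto's
# "we cannot identify ourselves with either end of this connection".
which_side() {
    if [ "$(conf_value "$1" left)" = "$2" ]; then echo left
    elif [ "$(conf_value "$1" right)" = "$2" ]; then echo right
    else return 1
    fi
}

# check_host CONF_A SECRETS_A IP_A CONF_B
# Verifies host A's own public key against the rsasigkey naming A in A's own
# ipsec.conf and in peer B's ipsec.conf. Prints findings; returns 0 if all OK.
check_host() {
    conf_a=$1; secrets_a=$2; ip_a=$3; conf_b=$4
    status=0
    side=$(which_side "$conf_a" "$ip_a") || {
        echo "$ip_a: neither left= nor right= in $conf_a is this host"; return 1; }
    pub=$(secrets_pubkey "$secrets_a")
    [ -n "$pub" ] || {
        echo "$ip_a: no #pubkey= in $secrets_a (run ipsec newhostkey with --configdir)"; return 1; }
    if [ "$(conf_value "$conf_a" "${side}rsasigkey")" != "$pub" ]; then
        echo "$ip_a: ${side}rsasigkey in own ipsec.conf differs from own host key"
        status=1
    fi
    if [ "$(conf_value "$conf_b" "${side}rsasigkey")" != "$pub" ]; then
        echo "$ip_a: ${side}rsasigkey in peer conf $conf_b is stale; peer will log 'wrong key'"
        status=1
    fi
    return $status
}

# make_demo_files DIR -> writes constructed ipsec.conf/ipsec.secrets pairs.
# The Red Hat side's key in the Ubuntu conf is deliberately stale.
make_demo_files() {
    dir=$1
    cat > "$dir/ubuntu.conf" <<'EOF'
conn host-host
    left=192.168.101.1
    leftrsasigkey=0sAQOubuntuDEMOKEY
    right=192.168.101.2
    rightrsasigkey=0sAQOredhatSTALEKEY
    authby=rsasig
    auto=add
EOF
    cat > "$dir/redhat.conf" <<'EOF'
conn host-host
    left=192.168.101.1
    leftrsasigkey=0sAQOubuntuDEMOKEY
    right=192.168.101.2
    rightrsasigkey=0sAQOredhatDEMOKEY
    authby=rsasig
    auto=add
EOF
    cat > "$dir/ubuntu.secrets" <<'EOF'
: RSA {
    # constructed demo key, not a real modulus
    #pubkey=0sAQOubuntuDEMOKEY
    }
EOF
    cat > "$dir/redhat.secrets" <<'EOF'
: RSA {
    # constructed demo key, not a real modulus
    #pubkey=0sAQOredhatDEMOKEY
    }
EOF
}

# Demo run: expect the Ubuntu host to pass and the Red Hat host to be
# flagged because the Ubuntu conf carries a stale copy of its key.
demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
if check_host "$demo_dir/ubuntu.conf" "$demo_dir/ubuntu.secrets" 192.168.101.1 "$demo_dir/redhat.conf"; then
    echo "192.168.101.1: consistent"
fi
if check_host "$demo_dir/redhat.conf" "$demo_dir/redhat.secrets" 192.168.101.2 "$demo_dir/ubuntu.conf"; then
    echo "192.168.101.2: consistent"
else
    echo "192.168.101.2: mismatch found (expected in this demo)"
fi
```

<div>On real hosts, replace the constructed files with each machine's /etc/ipsec.conf and /etc/ipsec.secrets (copy the peer's files over with scp) and run the two <code>check_host</code> calls with the real addresses. Whichever host is flagged with a stale peer entry is the one whose <code>ipsec showhostkey</code> output needs to be pasted again into the other side's ipsec.conf. The "Can't find the private key from the NSS CERT" message is a different failure: the public key in ipsec.secrets has no matching private key in the NSS database named by --configdir, which this script cannot see; <code>certutil -K -d /etc/pki/nssdb</code> lists the private keys that are actually there.</div>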