<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi there,<br><br>I'm trying to set up a L2TP/IPSec test environment using OpenSWAN + xl2tp + pppd, but I can't get OpenSWAN to load the private key correctly.<br>My configuration files seem ok to me, as does the cert/key generation process. Can anyone show me what's wrong?<br><br>I'm using Ubuntu 12.10 x64 with Kernel 3.5.0-18<br>OpenSSL 1.0.1c<br>Openswan U2.6.37/K3.5.0-18-generic (netkey)<br><br>I followed this tutorial: http://www.natecarlson.com/2006/07/10/configuring-an-ipsec-tunnel-with-openswan-and-l2tpd/<br><br>1- Created a CACert.pem using: CA.sh -newreq<br>2- Created a CRL file using: openssl ca -gencrl -out crl.pem<br>3- Created a Server certificate pair (cert + key) using: CA.sh -newreq; CA.sh -sign<br>(CAcert and all certificates were generated with no errors. Server certificate was generated using "senhasenha" as the passphrase)<br>4- Moved the files to the correct /etc/ipsec.d structure<br>5- Here's my ipsec.conf file:<br><br>--- begin ipsec.conf file ---<br>version 2.0 # conforms to second version of ipsec.conf specification<br><br>config setup<br> plutodebug="all"<br> dumpdir=/var/run/pluto/<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br> oe=off<br> protostack=netkey<br> plutostderrlog=/var/log/openswan.log<br><br>conn L2TP_IPSEC<br> compress=yes<br> disablearrivalcheck=no<br> authby=rsasig<br> keyingtries=1<br> leftrsasigkey=%cert<br> rightrsasigkey=%cert<br> pfs=no<br> rekey=no<br> type=transport<br> left=PUBLIC.IP.ADDR<br> leftcert=newcert.pem<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/%any<br> auto=add<br>--- end ipsec.conf file ---<br><br>And my ipsec.secrets:<br><br>--- begin ipsec.secrets file ---<br><br>: RSA newkey.key "senhasenha"<br><br>--- end ipsec.secrets file ---<br><br>6- When I start OpenSWAN, the logfile says:<br><br>loading secrets from "/etc/ipsec.secrets"<br> loaded private key file '/etc/ipsec.d/private/newkey.key' (1834 bytes)<br>| file content is not 
binary ASN.1<br>| -----BEGIN ENCRYPTED PRIVATE KEY-----<br>| -----END ENCRYPTED PRIVATE KEY-----<br>| file coded in PEM format<br>| L0 - RSAPrivateKey:<br>| L1 - version: ASN1 tag 0x02 expected, but is 0x30<br>| 30 40 06 09 2a 86 48 86 f7 0d 01 05 0d 30 33 30<br>| 1b 06 09 2a 86 48 86 f7 0d 01 05 0c 30 0e 04 08<br>| 94 04 00 c4 42 76 2f 74 02 02 08 00 30 14 06 08<br>| 2a 86 48 86 f7 0d 03 07 04 08 03 6f 80 9e bc 85<br>| 65 5d<br> error in PKCS#1 private key<br>"/etc/ipsec.secrets" line 2: error loading RSA private key file<br><br>Big thanks from Brazil,<br><br>Pedro Peixoto<br>
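The log above already names the mismatch: the file is a PKCS#8 EncryptedPrivateKeyInfo (the dumped bytes decode to the PBES2 AlgorithmIdentifier, OID 1.2.840.113549.1.5.13), while Openswan's ipsec.secrets loader parses a PKCS#1 RSAPrivateKey and so expects the INTEGER version (tag 0x02) where it finds a SEQUENCE (0x30). The following added example (editor's code, not from this mail or from Openswan) classifies a PEM private key by walking its leading DER tags; the sample PEM is constructed from the 66 bytes in the log, with a dummy OCTET STRING in place of the real ciphertext.

```python
import base64
OIDS = {"1.2.840.113549.1.1.1": "rsaEncryption", "1.2.840.113549.1.5.13": "PBES2"}

def tlv(buf, pos=0):
    """Decode one DER tag/length; return (tag, value, position after value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """OID content bytes -> dotted notation (base-128 arcs, high bit = continue)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def classify_der(der):
    """Name the container by what follows the outer SEQUENCE (L0 in the log)."""
    tag, body, _ = tlv(der)
    if tag != 0x30:
        return "not a DER SEQUENCE"
    t1, v1, nxt = tlv(body)                 # Openswan wants INTEGER version (0x02) here
    if t1 == 0x30:                          # AlgorithmIdentifier first: PKCS#8, encrypted
        oid = decode_oid(tlv(v1)[1])
        return "PKCS#8 EncryptedPrivateKeyInfo (%s)" % OIDS.get(oid, oid)
    t2, v2, _ = tlv(body, nxt)
    if t1 == 0x02 and t2 == 0x02:           # version then modulus: PKCS#1 RSAPrivateKey
        return "PKCS#1 RSAPrivateKey"
    if t1 == 0x02 and t2 == 0x30:           # version then AlgorithmIdentifier: PKCS#8, clear
        oid = decode_oid(tlv(v2)[1])
        return "PKCS#8 PrivateKeyInfo (%s)" % OIDS.get(oid, oid)
    return "unknown structure (tags 0x%02x, 0x%02x)" % (t1, t2)

def classify_pem(text):
    """Return (PEM label, container type); text holds one PEM block."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    label = lines[0].strip("-").replace("BEGIN ", "")
    return label, classify_der(base64.b64decode("".join(lines[1:-1])))

# Constructed sample: the log's 66 bytes (PBES2 AlgorithmIdentifier) in an outer SEQUENCE plus a dummy OCTET STRING.
ALG_ID = bytes.fromhex(
    "3040 06092a864886f70d01050d 3033 301b 06092a864886f70d01050c 300e 0408"
    " 940400c442762f74 0202 0800 3014 0608 2a864886f70d0307 0408 036f809ebc85655d")
BODY = ALG_ID + b"\x04\x08" + b"\x00" * 8
SAMPLE_DER = b"\x30" + bytes([len(BODY)]) + BODY
SAMPLE_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END ENCRYPTED PRIVATE KEY-----\n")
```

Running classify_pem on the real newkey.key reports the same PKCS#8 verdict; re-exporting the key with `openssl rsa` (adding a cipher option such as -des3 to keep it passphrase-protected) writes the traditional "BEGIN RSA PRIVATE KEY" PKCS#1 form that this parser, and Openswan's, accept.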
                                                    </div></body>
</html>