<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi,<br><br>Sorry, my previous message was a reply sent outside of the list.<br><br>Thanks for replying. That solved the problem, but now it
seems there is no need to use the Private Key passphrase in the secrets
file (even a random string will be accepted). Is that correct?<br><br>Thanks in advance,<br><br>Pedro Peixoto.<br><br><div>> Date: Thu, 6 Dec 2012 16:00:50 +0530<br>> From: elison.niven@elitecore.com<br>> To: pedrohrfp@hotmail.com<br>> CC: users@lists.openswan.org<br>> Subject: Re: [Openswan Users] Openswan not able to load x509 Private Key<br>> <br>> Try this:<br>> openssl rsa -in /etc/ipsec.d/private/newkey.key -out newkey.key.new<br>> and use that in ipsec.secrets.<br>> <br>> On Thursday 29 November 2012 07:19:58 PM IST, Pedro Peixoto wrote:<br>> > Hi there,<br>> ><br>> > I'm trying to set up an L2TP/IPSec test environment using OpenSWAN +<br>> > xl2tp + pppd, but I can't get OpenSWAN to load the private key correctly.<br>> > My configuration files seem ok to me, as does the cert/key generation<br>> > process. Can anyone show me what's wrong?<br>> ><br>> > I'm using Ubuntu 12.10 x64 with Kernel 3.5.0-18<br>> > OpenSSL 1.0.1c<br>> > Openswan U2.6.37/K3.5.0-18-generic (netkey)<br>> ><br>> > I followed this tutorial:<br>> > http://www.natecarlson.com/2006/07/10/configuring-an-ipsec-tunnel-with-openswan-and-l2tpd/<br>> ><br>> > 1- Created a CACert.pem using: CA.sh -newreq<br>> > 2- Created a CRL file using: openssl ca -gencrl -out crl.pem<br>> > 3- Created a Server certificate pair (cert + key) using: CA.sh<br>> > -newreq; CA.sh -sign<br>> > (CAcert and all certificates were generated with no errors.
Server<br>> > certificate was generated using "senhasenha" as the passphrase)<br>> > 4- Moved the files to the correct /etc/ipsec.d structure<br>> > 5- Here's my ipsec.conf file:<br>> ><br>> > --- begin ipsec.conf file ---<br>> > version 2.0 # conforms to second version of ipsec.conf specification<br>> ><br>> > config setup<br>> > plutodebug="all"<br>> > dumpdir=/var/run/pluto/<br>> > nat_traversal=yes<br>> ><br>> > virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>> > oe=off<br>> > protostack=netkey<br>> > plutostderrlog=/var/log/openswan.log<br>> ><br>> > conn L2TP_IPSEC<br>> > compress=yes<br>> > disablearrivalcheck=no<br>> > authby=rsasig<br>> > keyingtries=1<br>> > leftrsasigkey=%cert<br>> > rightrsasigkey=%cert<br>> > pfs=no<br>> > rekey=no<br>> > type=transport<br>> > left=PUBLIC.IP.ADDR<br>> > leftcert=newcert.pem<br>> > leftprotoport=17/1701<br>> > right=%any<br>> > rightprotoport=17/%any<br>> > auto=add<br>> > --- end ipsec.conf file ---<br>> ><br>> > And my ipsec.secrets:<br>> ><br>> > --- begin ipsec.secrets file ---<br>> ><br>> > : RSA newkey.key "senhasenha"<br>> ><br>> > --- end ipsec.secrets file ---<br>> ><br>> > 6- When I start OpenSWAN, the logfile says:<br>> ><br>> > loading secrets from "/etc/ipsec.secrets"<br>> > loaded private key file '/etc/ipsec.d/private/newkey.key' (1834 bytes)<br>> > | file content is not binary ASN.1<br>> > | -----BEGIN ENCRYPTED PRIVATE KEY-----<br>> > | -----END ENCRYPTED PRIVATE KEY-----<br>> > | file coded in PEM format<br>> > | L0 - RSAPrivateKey:<br>> > | L1 - version: ASN1 tag 0x02 expected, but is 0x30<br>> > | 30 40 06 09 2a 86 48 86 f7 0d 01 05 0d 30 33 30<br>> > | 1b 06 09 2a 86 48 86 f7 0d 01 05 0c 30 0e 04 08<br>> > | 94 04 00 c4 42 76 2f 74 02 02 08 00 30 14 06 08<br>> > | 2a 86 48 86 f7 0d 03 07 04 08 03 6f 80 9e bc 85<br>> > | 65 5d<br>> > error in PKCS#1 private key<br>> > "/etc/ipsec.secrets" line 2: error loading RSA private key file<br>> ><br>> > Big thanks from Brazil,<br>> 
><br>> > Pedro Peixoto<br>> ><br>> ><br>> > _______________________________________________<br>> > Users@lists.openswan.org<br>> > https://lists.openswan.org/mailman/listinfo/users<br>> <br>> --<br>> Best Regards,<br>> Elison Niven<br></div>                                            </div></body>
</html>