[Openswan Users] Fwd: problem with RSA private key
David Clymer
dclyme at hrcsb.org
Fri Aug 13 12:22:33 CEST 2004
I'm trying to set up a vpn between a netgear FVL328 and openswan using
x509 certificates, but keep getting told by openswan that it can't find
my private RSA key.
I generated that certificate/private key in the following fashion:
openssl req -new -newkey rsa:2048 -out cr.pem # generates a key in ./privkey.pem
openssl rsa -in privkey.pem -out privkey.pem # removed the passphrase
openssl x509 -req -CA ../demoCA/cacert.pem -CAkey ../demoCA/private/cakey.pem -extfile extensions.cnf -in cr.pem -out cert.pem
I then copied cert.pem and privkey.pem to /etc/ipsec.d/certs/jekylCert.pem and
/etc/ipsec.d/private/jekylKey.pem, respectively.
I added the following line to /etc/ipsec.secrets:
juniperhs@hrcsb.org: RSA /etc/ipsec.d/private/jekylKey.pem
I configured my vpn in /etc/ipsec.conf:
# netgear VPN connection
conn netgear1
        # general options
        type=tunnel
        keyexchange=ike
        pfs=yes
        authby=rsasig
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.10.1
        leftsubnet=192.168.2.0/24
        leftid=router@hrcsb.org
        leftcert=jekylCert.pem
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.168.10.192
        rightsubnet=192.168.9.0/24
        rightid=juniperhs@hrcsb.org
        rightcert=netgear1.pem
        auto=start
When I attempt to bring up the connection, it fails, claiming that it
cannot find my RSA key.
jekyl:/etc/ipsec.d/private# ipsec auto --verbose --up netgear1
002 "netgear1" #43: initiating Main Mode
104 "netgear1" #43: STATE_MAIN_I1: initiate
002 "netgear1" #43: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "netgear1" #43: STATE_MAIN_I2: sent MI2, expecting MR2
003 "netgear1" #43: unable to locate my private key for RSA Signature
224 "netgear1" #43: STATE_MAIN_I2: AUTHENTICATION_FAILED
003 "netgear1" #43: unable to locate my private key for RSA Signature
224 "netgear1" #43: STATE_MAIN_I2: AUTHENTICATION_FAILED
003 "netgear1" #43: unable to locate my private key for RSA Signature
224 "netgear1" #43: STATE_MAIN_I2: AUTHENTICATION_FAILED
010 "netgear1" #43: STATE_MAIN_I2: retransmission; will wait 20s for response
003 "netgear1" #43: unable to locate my private key for RSA Signature
224 "netgear1" #43: STATE_MAIN_I2: AUTHENTICATION_FAILED
003 "netgear1" #43: ignoring Delete SA payload: not encrypted
010 "netgear1" #43: STATE_MAIN_I2: retransmission; will wait 40s for response
031 "netgear1" #43: max number of retransmissions (2) reached STATE_MAIN_I2
000 "netgear1" #43: starting keying attempt 2 of an unlimited number, but releasing whack
I'm sure that I must be overlooking something, but I don't see what the
problem could be. If anyone has a suggestion that might put me on the
right track, I'd appreciate it greatly.
-davidc
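An added check script, not part of the original post and not Openswan's own tooling, for the three things worth confirming when the daemon reports that it cannot locate the private key: that the key file really belongs to the certificate (same RSA modulus), that the key is stored without a passphrase so the daemon can read it at startup, and that the ipsec.secrets entry for that key is selectable for the local identity. In ipsec.secrets the text before the colon is the selector the key is looked up by, so it should either name the local ID (leftid) or be left empty, which matches any ID. The script assumes OpenSSL is installed and a secrets line of the form "<selector>: RSA <keyfile>"; all file paths and the ID are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for an
# Openswan X.509 connection that fails with "unable to locate my private
# key for RSA Signature". Assumes OpenSSL is installed and that the
# ipsec.secrets entry has the form "<selector>: RSA <keyfile>".

# Print the RSA modulus of a PEM private key (empty on failure).
key_modulus() {
    openssl rsa -in "$1" -noout -modulus 2>/dev/null
}

# Print the RSA modulus of a PEM certificate (empty on failure).
cert_modulus() {
    openssl x509 -in "$1" -noout -modulus 2>/dev/null
}

# Succeed when the private key is the one the certificate was issued for.
key_matches_cert() {
    k=$(key_modulus "$1")
    c=$(cert_modulus "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed when the key is stored without a passphrase; the daemon reads
# the file at startup and cannot prompt for one.
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1" && [ -n "$(key_modulus "$1")" ]
}

# Succeed when ipsec.secrets has an RSA entry for the key file whose
# selector is either empty (matches any ID) or lists the given local ID.
secrets_selector_matches() {
    secrets=$1; keyfile=$2; localid=$3
    line=$(grep -F "RSA $keyfile" "$secrets" | head -n 1)
    [ -n "$line" ] || return 1
    selector=${line%%:*}
    set -- $selector            # word-split the selector into IDs
    [ $# -eq 0 ] && return 0    # empty selector: key usable for any ID
    for id in "$@"; do
        [ "$id" = "$localid" ] && return 0
    done
    return 1
}

# Run all three checks and report; usage:
#   sh check_ipsec_key.sh <keyfile> <certfile> <ipsec.secrets> <leftid>
check_setup() {
    rc=0
    key_matches_cert "$1" "$2" && echo "ok: key matches certificate" \
        || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_unencrypted "$1" && echo "ok: key has no passphrase" \
        || { echo "FAIL: key is passphrase-protected or unreadable"; rc=1; }
    secrets_selector_matches "$3" "$1" "$4" && echo "ok: secrets selector covers $4" \
        || { echo "FAIL: no RSA entry for $1 selectable by $4"; rc=1; }
    return $rc
}

if [ $# -eq 4 ]; then
    check_setup "$@"
fi
```

Run it as `sh check_ipsec_key.sh /etc/ipsec.d/private/jekylKey.pem /etc/ipsec.d/certs/jekylCert.pem /etc/ipsec.secrets router@hrcsb.org` (paths and ID from the post above); each line that prints FAIL points at one of the three places the key lookup can go wrong.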