[Openswan Users] Fwd: problem with RSA private key
Paul Wouters
paul at xelerance.com
Fri Aug 13 19:08:50 CEST 2004
On Fri, 13 Aug 2004, David Clymer wrote:
> I added the following line to /etc/ipsec.secrets:
>
> juniperhs at hrcsb.org: RSA /etc/ipsec.d/private/jekylKey.pem
>
> I configured my vpn in /etc/ipsec.conf:
>
> # netgear VPN connection
> conn netgear1
> # general options
> type=tunnel
> keyexchange=ike
> pfs=yes
> authby=rsasig
> # Left security gateway, subnet behind it, next hop toward right.
> left=192.168.10.1
> leftsubnet=192.168.2.0/24
> leftid=router at hrcsb.org
> leftcert=jekylCert.pem
> # Right security gateway, subnet behind it, next hop toward left.
> right=192.168.10.192
> rightsubnet=192.168.9.0/24
> rightid=juniperhs at hrcsb.org
> rightcert=netgear1.pem
> auto=start

Is your local really right and not left?

The easiest is probably to just remove the passphrase from your key:

juniperhs at hrcsb.org: RSA /etc/ipsec.d/private/jekylKey.pem

openssl rsa -in /etc/ipsec.d/private/jekylKey.pem -out /etc/ipsec.d/private/jekylKey.pem

Check with ipsec auto --listall and look for 'have private key' to confirm
whether the key could be read.

Paul
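
An added example (not part of Paul's message and not Openswan code): once the passphrase is removed, file permissions are the only protection left on the key, so this script tells a passphrase-protected PEM key from an unencrypted one by its headers and checks that group and others have no access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PEM private keys by header and check file mode.

# Print "encrypted", "plain" or "not-a-key" for the PEM file in $1.
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo not-a-key
    fi
}

# Succeed only if group and others have no permission bits on $1.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Report on one key file: 0 = usable, 1 = encrypted, 2 = loose mode, 3 = no key.
audit_key() {
    case $(key_state "$1") in
        encrypted) echo "$1: passphrase-protected"; return 1 ;;
        plain)
            if owner_only "$1"; then echo "$1: unencrypted, owner-only"; return 0; fi
            echo "$1: unencrypted and accessible to group/others"; return 2 ;;
        *) echo "$1: no RSA/PKCS#8 private key header"; return 3 ;;
    esac
}

# Constructed samples (placeholder bodies, not real key material).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$SAMPLES/enc.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$SAMPLES/plain.pem"
chmod 600 "$SAMPLES/enc.pem"
chmod 644 "$SAMPLES/plain.pem"
for f in "$SAMPLES"/*.pem; do audit_key "$f" || true; done
```
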