[Openswan Users] Fwd: problem with RSA private key

Paul Wouters paul at xelerance.com
Fri Aug 13 19:08:50 CEST 2004

On Fri, 13 Aug 2004, David Clymer wrote:

>  I added the following line to /etc/ipsec.secrets:
>  juniperhs at hrcsb.org: RSA /etc/ipsec.d/private/jekylKey.pem
>  I configured my vpn in /etc/ipsec.conf:
>  # netgear VPN connection
>  conn netgear1
>          # general options
>          type=tunnel
>          keyexchange=ike
>          pfs=yes
>          authby=rsasig
>          # Left security gateway, subnet behind it, next hop toward right.
>          left=
>          leftsubnet=
>          leftid=router at hrcsb.org
>          leftcert=jekylCert.pem
>          # Right security gateway, subnet behind it, next hop toward left.
>          right=
>          rightsubnet=
>          rightid=juniperhs at hrcsb.org
>          rightcert=netgear1.pem
>          auto=start

Is your local really right and not left?

The easiest is probably to just remove the passphrase from your key:

juniperhs at hrcsb.org: RSA /etc/ipsec.d/private/jekylKey.pem

openssl rsa  -in /etc/ipsec.d/private/jekylKey.pem -out /etc/ipsec.d/private/jekylKey.pem

Check with ipsec auto --listall and look for 'have private key' to confirm
whether the key could be read.


More information about the Users mailing list