[Openswan Users]

Amit Saxena saxena at students.iiit.net
Fri Mar 12 16:35:37 CET 2004


In continuation with the earlier email, I have downloaded the openswan and 
the atrpms rpms and installed them successfully on redhat 9.0.

But after installing, when I execute the command 
"service ipsec restart"

I get this output

*************************************************************

/usr/sbin/ipsec: unknown IPsec command `_confread' (`ipsec --help' for list)
/usr/sbin/ipsec: unknown IPsec command `_confread' (`ipsec --help' for list)
ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `_realsetup' (`ipsec --help' for list)
/usr/sbin/ipsec: unknown IPsec command `_confread' (`ipsec --help' for list)
ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `_realsetup' (`ipsec --help' for list)

**************************************************************

I even rebooted the system, and I also tried the command

"ipsec verify" 

and I get this output

**************************************************************
/usr/sbin/ipsec: unknown IPsec command `verify' (`ipsec --help' for list)
**************************************************************

Can anybody help me in this case?

thanx in advance


On Fri, 12 Mar 2004, Amit Saxena wrote:

> 
> Hello everybody,
> 
> I am having problems in setting up IPSEC communication between a linux 
> gateway (172.16.3.3) and a linux host (172.16.3.7) in my lab. 
> 
> I was using freeswan 2.04 earlier but now somebody has suggested that I go 
> for openswan. I have not tried that so far, but whenever I download 
> the rpms for redhat 9.0 I will install them and try the same.
> 
> I have attached my ipsec.conf and ipsec.secrets file with this email as an 
> attachment.
> 
> I am configuring host to host ipsec setup between the 2 systems in the 
> same lab. The ip of the switch in our lab is 172.16.3.1.
> 
> I have used the url http://mia.ece.uic.edu/~papers/volans/ipsec.html and 
> the natecarlson url http://www.natecarlson.com/linux/ipsec-x509.php in 
> setting up the keys and the certificates.
> 
> I have used following commands for generation and configuration of the 
> file
> 
> a) ipsec newhostkey --output /etc/ipsec.secrets
> b) I edited the file /etc/ipsec.secrets and made appropriate changes.
> c) for ipsec.conf and the certificate generation, I used the natecarlson 
> tutorial completely.
> 
> Though I am getting the ipsec communication between the two systems, I 
> am not sure whether it is encrypting using the default keys in the 
> ipsec.secrets or the certificates which I have created. Also the output of 
> the command "ipsec --showhostkey --key" gives the default public key as 
> the public key output and not the public key used in the certificates.
> 
> Also please let me know whether there is a way through which I can sniff on the 
> ipsec packet and the related transformation going on so that I will get an 
> idea which key is being used by the ipsec for encryption of the packet. 
> Ethereal and Tcpdump here are not helping much.
> 
> Please help me !
> 
> thanx in advance
> 
> **************** ipsec.secrets **********************
> 
> : RSA 172.16.3.3.pem
> 
> : RSA	{
> 	# RSA 2192 bits   WIZARD   Fri Feb 27 17:52:25 2004
> 	# for signatures only, UNSAFE FOR ENCRYPTION
> 	#pubkey=0sAQOHAq95mRZYj8WYYMZd4nZwR+3Lv5mVZTS9W1PwxplyAVR8d2qtXLgrKCEF4TwQeDdzcEaKjRor8SmY8tlzxlNPTafTOZB1WZs1iIFnabvfFpH65j9GSTMWIKWQR0n7zfu+A0HY/pVoNs+CSf5l48Bsp1eOThggV0U17nvy1BemSbL0AanqhkOclcRNnhHhXI337h/3YApKpmv6Lq/pWtHQwNN0J80Iq96GkuDMwqozafDBhQpqz1x2rgqihZbC+6hQ8ESuicYv5fxlfHqUcbmzrR9QDAz/bvMh+oWROJQCS74yR6tarCY4FnbFPpcF3Z/JOkBsTj33fSUeLSIt6yc5C8rccZkp9zh5ZCEkvzO6LGGz
> 	PublicExponent: 0x03
> 	# everything after this point is secret
> 	}
> # do not change the indenting of that "}"
> 
> 
> ************************** ipsec.conf *********************************
> 
> 
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> # RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
> 
> # This file:  /usr/local/share/doc/freeswan/ipsec.conf-sample
> #
> # Manual:     ipsec.conf.5
> #
> # Help: 
> # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/quickstart.html
> # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/config.html
> # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html
> #
> # Policy groups are enabled by default. See:
> # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html
> #
> # Examples:
> # http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/examples   
> 
> 
> version	2.0	# conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
> 	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
> 	klipsdebug=none
> 	plutodebug=none
> 	interfaces="ipsec0=eth0"
> 	uniqueids=yes
> 
> 
> # Add connections here.
> 
> # sample VPN connection
> #sample#	conn sample
> #sample#		# Left security gateway, subnet behind it, next hop toward right.
> #sample#		left=10.0.0.1
> #sample#		leftsubnet=172.16.0.0/24
> #sample#		leftnexthop=10.22.33.44
> #sample#		# Right security gateway, subnet behind it, next hop toward left.
> #sample#		right=10.12.12.1
> #sample#		rightsubnet=192.168.0.0/24
> #sample#		rightnexthop=10.101.102.103
> #sample#		# To authorize this connection, but not actually start it, at startup,
> #sample#		# uncomment this.
> #sample#		#auto=start
> 
> conn myconnection
> 		left=172.16.3.7
> 		leftnexthop=172.16.3.1
> 		#leftid=%default
> 		leftrsasigkey=0sAQOHAq95mRZYj8WYYMZd4nZwR+3Lv5mVZTS9W1PwxplyAVR8d2qtXLgrKCEF4TwQeDdzcEaKjRor8SmY8tlzxlNPTafTOZB1WZs1iIFnabvfFpH65j9GSTMWIKWQR0n7zfu+A0HY/pVoNs+CSf5l48Bsp1eOThggV0U17nvy1BemSbL0AanqhkOclcRNnhHhXI337h/3YApKpmv6Lq/pWtHQwNN0J80Iq96GkuDMwqozafDBhQpqz1x2rgqihZbC+6hQ8ESuicYv5fxlfHqUcbmzrR9QDAz/bvMh+oWROJQCS74yR6tarCY4FnbFPpcF3Z/JOkBsTj33fSUeLSIt6yc5C8rccZkp9zh5ZCEkvzO6LGGz
> 		right=172.16.3.3
> 		rightnexthop=172.16.3.1
> 		#rightid=%default
> 		rightrsasigkey=0sAQOHAq95mRZYj8WYYMZd4nZwR+3Lv5mVZTS9W1PwxplyAVR8d2qtXLgrKCEF4TwQeDdzcEaKjRor8SmY8tlzxlNPTafTOZB1WZs1iIFnabvfFpH65j9GSTMWIKWQR0n7zfu+A0HY/pVoNs+CSf5l48Bsp1eOThggV0U17nvy1BemSbL0AanqhkOclcRNnhHhXI337h/3YApKpmv6Lq/pWtHQwNN0J80Iq96GkuDMwqozafDBhQpqz1x2rgqihZbC+6hQ8ESuicYv5fxlfHqUcbmzrR9QDAz/bvMh+oWROJQCS74yR6tarCY4FnbFPpcF3Z/JOkBsTj33fSUeLSIt6yc5C8rccZkp9zh5ZCEkvzO6LGGz
> 		auth=esp
> 		authby=rsasig
> 		auto=ignore
> 		type=tunnel 
> 
> ************************************************************************************
> 
> 
> 
> 

-- 
Have a nice day

from 
Amit Saxena
M.Tech CS 2nd year

It takes , 
a minute to find a special person 
an hour to appreciate 
a day to love 

but an entire life to forget them
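
For the question in the quoted message about whether the connection authenticates with the raw key from ipsec.secrets or with the certificates, here is an added example (not part of the original post and not Openswan code) that reads `conn` sections in the ipsec.conf layout shown above and reports, for each end, whether the RSA public key is a literal `leftrsasigkey=0s...` value or comes from a certificate (`leftcert=` or `rsasigkey=%cert`). The sample config, its shortened key strings, the `certs` connection, `host.pem`, the function names and the result labels are all constructed for illustration.

```python
# Constructed sample in the ipsec.conf layout from the post. Key strings are
# shortened placeholders; "certs" and host.pem are hypothetical.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0"
conn myconnection
    leftrsasigkey=0sAQOconstructedKEY
    #rightid=%default
    rightrsasigkey=0sAQOconstructedKEY
    authby=rsasig
conn certs
    leftcert=host.pem
    rightrsasigkey=%cert
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line opens a section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def side_auth(conn, side):
    """Classify where one end ('left' or 'right') gets its RSA public key."""
    key = conn.get(side + "rsasigkey", "")
    if side + "cert" in conn or key == "%cert":
        return "x509-cert"
    if key.startswith(("0s", "0x")):           # literal base64 or hex key
        return "raw-rsa-key"
    return "unspecified"

def report(text):
    """Map conn name -> (left source, right source, same raw key on both ends)."""
    out = {}
    for name, conn in parse_conns(text).items():
        left, right = side_auth(conn, "left"), side_auth(conn, "right")
        same = left == right == "raw-rsa-key" and conn["leftrsasigkey"] == conn["rightrsasigkey"]
        out[name] = (left, right, same)
    return out

if __name__ == "__main__":
    print(report(SAMPLE_CONF))
```

In either case the RSA key only authenticates the IKE exchange; the ESP packets themselves are encrypted with session keys negotiated by IKE.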



