[Openswan Users] ipsec.secrets
Nate Carlson
natecars at natecarlson.com
Thu May 6 10:41:48 CEST 2004
On Thu, 6 May 2004, Bastien Rocheron wrote:
> set up a FreeS/WAN gateway with a winXP user and a linux user with
> openswan. Everything works great but only 1 strange thing I can't
> understand : when I do an ipsec verify (on the linux gateway or the
> linux user), I got the error about my ipsec.secrets file that tells me
> there is no private key in it. I only get this error since I carefully
> erased the previous private key to replace it with : RSA my.host.net.key
> "my_password" as Nate did on his page. I put the private key in the
> /etc/ipsec.d/private/my.host.net.key.
That's normal - it doesn't see the keys that are called in that way. Maybe
time for a patch in Openswan to fix that? If you check your startup logs,
you should see the key loaded, i.e.:
May 6 09:20:44 knight pluto[1392]: loaded private key file '/etc/ipsec.d/private/knight.key' (1751 bytes)
If you get something else there, it means you've got a key problem.
> The result is that both my gateway and my linux user have this private
> key error, the windows user can use the link without problem but the
> linux user is unable to use the link and the discussion of the linux
> user and the gateway leads to an informational packet from the gateway
> that says : invalid-key-information(17). Obviously it's only about a
> little misunderstanding in the key management but I can't figure out how
> to change the key format. Can anybody help?
What do your logs say on the Linux roadwarrior box?
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
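
An added example, not part of the original message and not Openswan code: since "ipsec verify" does not see keys referenced by file name, this cross-checks the ": RSA <file>" entries in ipsec.secrets against pluto's "loaded private key file" startup lines and reports any referenced key that was never loaded. It assumes relative file names resolve under /etc/ipsec.d/private (the directory used in the thread); the function names and the sample secrets are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

PRIVATE_DIR = PurePosixPath("/etc/ipsec.d/private")  # directory named in the thread

# "[ids] : RSA <file> ["passphrase"]" entries; inline ": RSA { ... }" keys are skipped.
SECRET_RE = re.compile(r'^\s*(?:[^\s:#][^:#]*)?:\s*RSA\s+(?!\{)"?([^\s"]+)"?', re.I)
# pluto's startup message, in the form quoted in the reply.
LOADED_RE = re.compile(r"pluto\[\d+\]: loaded private key file '([^']+)' \((\d+) bytes\)")

# Constructed sample secrets; the passphrases are placeholders.
SAMPLE_SECRETS = '''\
# : RSA old.key "commented out"
: RSA knight.key "placeholder-passphrase"
: RSA my.host.net.key "placeholder-passphrase"
: RSA {
	# inline key material would follow here
	}
'''
# First line is the log line quoted in the reply; the second is constructed.
SAMPLE_LOG = (
    "May 6 09:20:44 knight pluto[1392]: loaded private key file "
    "'/etc/ipsec.d/private/knight.key' (1751 bytes)\n"
    "May 6 09:20:45 knight pluto[1392]: constructed unrelated line\n"
)


def referenced_keys(secrets_text):
    """Absolute paths of key files named by ': RSA <file>' entries (passphrase dropped)."""
    paths = []
    for line in secrets_text.splitlines():
        m = SECRET_RE.match(line)
        if m:
            p = PurePosixPath(m.group(1))
            paths.append(str(p if p.is_absolute() else PRIVATE_DIR / p))
    return paths


def loaded_keys(log_text):
    """Map each key path pluto reported as loaded to the byte count it logged."""
    return {m.group(1): int(m.group(2)) for m in LOADED_RE.finditer(log_text)}


def unloaded_keys(secrets_text, log_text):
    """Key files referenced in ipsec.secrets with no matching 'loaded' log line."""
    loaded = loaded_keys(log_text)
    return [p for p in referenced_keys(secrets_text) if p not in loaded]


if __name__ == "__main__":
    for path in unloaded_keys(SAMPLE_SECRETS, SAMPLE_LOG):
        print("referenced but not loaded:", path)
```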