[Openswan Users] ipsec.secrets

Bastien Rocheron bastien.rocheron at free.fr
Thu May 6 18:31:10 CEST 2004


Thu, 6 May 2004 09:41:48 -0500 (CDT)
Nate Carlson <natecars at natecarlson.com> Original message:

> On Thu, 6 May 2004, Bastien Rocheron wrote:
> > set up a FreeS/WAN gateway with a winXP user and a linux user with
> > openswan. Everything works great but only 1 strange thing I can't
> > understand: when I do an ipsec verify (on the linux gateway or the
> > linux user), I got the error about my ipsec.secrets file that tells me
> > there is no private key in it. I only get this error since I carefully
> > erased the previous private key to replace it with: RSA my.host.net.key
> > "my_password" as Nate did on his page. I put the private key in the
> > /etc/ipsec.d/private/my.host.net.key.
> 
> That's normal - it doesn't see the keys that are called in that way. Maybe 
> time for a patch in Openswan to fix that?

Do you mean that a patch already exists and should be applied, or that a patch should be made?
I don't really mind changing the format of the file; if needed I can put the key back in the old way.
Does it work?


> If you check your startup logs, you should see the key loaded, ie:
> 
> May  6 09:20:44 knight pluto[1392]:   loaded private key file '/etc/ipsec.d/private/knight.key' (1751 bytes)
> 
> If you get something else there, it means you've got a key problem.
> 
> > The result is that both my gateway and my linux user have this private
> > key error, the windows user can use the link without problem but the
> > linux user is unable to use the link and the discussion of the linux
> > user and the gateway leads to an informational packet from the gateway
> > that says: invalid-key-information(17). Obviously it's only about a
> > little misunderstanding in the key management but I can't figure out how
> > to change the key format. Can anybody help?
> 
> What do your logs say on the Linux roadwarrior box?

Here are the logs when I restart the service:

May  6 17:18:28 ibook ipsec_setup: Restarting Openswan IPsec U2.1.2rc3/K2.6.5-rc3-ben0...
May  6 17:18:28 ibook ipsec_setup: KLIPS ipsec0 on eth2 192.168.1.10/255.255.255.0 broadcast 192.168.1.255
May  6 17:18:29 ibook ipsec_setup: ...Openswan IPsec started
May  6 17:18:33 ibook ipsec__plutorun: 104 "roadwarrior" #1: STATE_MAIN_I1: initiate
May  6 17:18:33 ibook ipsec__plutorun: ...could not start conn "roadwarrior"

thank you

Bastien Rocheron
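
The log check suggested in the quoted reply can be automated. The following is an added example, not part of the original thread or of Openswan: it lists the key files named by file-style `: RSA <file>` entries in ipsec.secrets and reports those with no matching "loaded private key file" line from pluto. The sample secrets, the sample log line and the function names are constructed; resolving relative names under /etc/ipsec.d/private is an assumption taken from the paths in the post.

```python
import re
from pathlib import PurePosixPath

# Assumption: relative key file names resolve under this directory, as in the post.
PRIVATE_DIR = PurePosixPath("/etc/ipsec.d/private")

# Constructed sample input; file names and passphrase are placeholders.
SAMPLE_SECRETS = '''\
# /etc/ipsec.secrets (constructed sample)
: RSA my.host.net.key "my_password"
: RSA other.host.net.key
'''
SAMPLE_LOG = '''\
May  6 09:20:44 knight pluto[1392]:   loaded private key file '/etc/ipsec.d/private/my.host.net.key' (1751 bytes)
'''

# ": RSA <file> [passphrase]", optionally preceded by IDs; inline "RSA {" blocks are skipped.
FILE_ENTRY = re.compile(r'^[^#\n]*:[ \t]*RSA[ \t]+(?!\{)("?)([^\s"{]+)\1', re.M)
LOADED = re.compile(r"pluto\[\d+\]:\s+loaded private key file '([^']+)' \((\d+) bytes\)")

def referenced_key_files(secrets_text):
    """Absolute paths of key files named by file-style RSA entries."""
    paths = []
    for m in FILE_ENTRY.finditer(secrets_text):
        p = PurePosixPath(m.group(2))
        paths.append(str(p if p.is_absolute() else PRIVATE_DIR / p))
    return paths

def loaded_key_files(log_text):
    """Map of key file path -> byte count reported by pluto at startup."""
    return {m.group(1): int(m.group(2)) for m in LOADED.finditer(log_text)}

def unloaded_keys(secrets_text, log_text):
    """Referenced key files with no 'loaded private key file' log line."""
    loaded = loaded_key_files(log_text)
    return [p for p in referenced_key_files(secrets_text) if p not in loaded]

if __name__ == "__main__":
    for path in unloaded_keys(SAMPLE_SECRETS, SAMPLE_LOG):
        print("no load message for", path)
```
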