[Openswan Users] X-509 in openswan

kumar nani kumar_lists at yahoo.co.in
Fri Aug 5 09:34:59 CEST 2005


Hello Everybody,

I have installed openswan-2.3.0 on two Redhat Linux
machines and preshared keys are working fine. I'm
trying to set up an IPSec tunnel in openswan using x509
certificates, but keep getting told by openswan that
it can't find my private RSA key.

I have used openssl for generating certificates by
following the instructions given in this webpage

http://www.natecarlson.com/linux/ipsec-x509.php#casetup


ipsec.conf is below
--------------------

conn kumar
        type=tunnel
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        left=xxx.xxx.xxx.xxx
        leftcert=kumar.com.pem
        right=yyy.yyy.yyy.yyy
        rightcert=nitin.com.pem
        auto=add
        pfs=yes

My ipsec.secrets
-----------------
: RSA kumar.com.key "kumar123"

When I attempt to bring up the connection, it fails,
claiming that it cannot find my RSA key.

/usr/local/sbin/ipsec auto --up naveen

104 "kumar" #1: STATE_MAIN_I1: initiate
003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "kumar" #1: unable to locate my private key for RSA Signature
224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED


If anyone has a suggestion that might help me to solve
this problem, I'd appreciate it greatly.


** Kumar **