[Openswan Users] X-509 in openswan
kumar nani
kumar_lists at yahoo.co.in
Fri Aug 5 09:34:59 CEST 2005
Hello Everybody,
I have installed openswan-2.3.0 on two Redhat Linux
machines and preshared keys are working fine. I'm
trying to set up an IPsec tunnel in openswan using x509
certificates, but keep getting told by openswan that
it can't find my private RSA key.
I have used openssl for generating certificates by
following the instructions given in this webpage
http://www.natecarlson.com/linux/ipsec-x509.php#casetup
ipsec.conf is below
--------------------
conn kumar
    type=tunnel
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=xxx.xxx.xxx.xxx
    leftcert=kumar.com.pem
    right=yyy.yyy.yyy.yyy
    rightcert=nitin.com.pem
    auto=add
    pfs=yes

My ipsec.secrets
-----------------
: RSA kumar.com.key "kumar123"

When I attempt to bring up the connection, it fails,
claiming that it cannot find my RSA key.

/usr/local/sbin/ipsec auto --up naveen
104 "kumar" #1: STATE_MAIN_I1: initiate
003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "kumar" #1: unable to locate my private key for RSA Signature
224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED

If anyone has a suggestion that might help me to solve
this problem, I'd appreciate it greatly.
** Kumar **