[Openswan Users] X-509 in openswan
kumar nani
kumar_lists at yahoo.co.in
Fri Aug 5 10:39:34 CEST 2005
Hi Andreas,
I have checked my log messages. I think there is some
error while loading my private key. See below the dump
of /var/log/messages
Aug 5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
Aug 5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
Aug 5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
Aug 5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
2. When I am executing the command
"ipsec auto --rereadsecrets" then also the same message
is coming.
003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
My ipsec.secrets is given below.
--------------------------------
: RSA kumar.com.key "kumar123"
Is there anything I still have to do?
Thanks
Kumar
--- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
> Check your logs for error messages while loading the
> private key file. You can repeat the loading process
> by typing
>
> ipsec auto --rereadsecrets
>
> If the private key is loaded correctly but the command
>
> ipsec auto --listcerts
>
> lists your certificate without the comment
>
> ..., has private key
>
> then the public key contained in the certificate does
> not match the private key.
>
> Regards
>
> Andreas
>
> kumar nani wrote:
> > Hello Everybody,
> >
> > I have installed openswan-2.3.0 on two Redhat Linux
> > machines and preshared keys are working fine. I'm
> > trying to set up an IPSec tunnel in openswan using x509
> > certificates, but keep getting told by openswan that
> > it can't find my private RSA key.
> >
> > I have used openssl for generating certificates by
> > following the instructions given in this webpage
> >
> > http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> >
> >
> > ipsec.conf is below
> > --------------------
> >
> > conn kumar
> >     type=tunnel
> >     authby=rsasig
> >     leftrsasigkey=%cert
> >     rightrsasigkey=%cert
> >     left=xxx.xxx.xxx.xxx
> >     leftcert=kumar.com.pem
> >     right=yyy.yyy.yyy.yyy
> >     rightcert=nitin.com.pem
> >     auto=add
> >     pfs=yes
> >
> > My ipsec.secrets
> > -----------------
> > : RSA kumar.com.key "kumar123"
> >
> > When I attempt to bring up the connection, it fails,
> > claiming that it cannot find my RSA key.
> >
> > /usr/local/sbin/ipsec auto --up naveen
> >
> > 104 "kumar" #1: STATE_MAIN_I1: initiate
> > 003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
> > 106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > 003 "kumar" #1: unable to locate my private key for RSA Signature
> > 224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> >
> >
> > If anyone has a suggestion that might help me to solve
> > this problem, I'd appreciate it greatly.
> >
> >
> > ** Kumar **
>
>
> =======================================================================
> Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> strongSec GmbH                    home:   http://www.strongsec.com
> Alter Zürichweg 20                phone:  +41 1 730 80 64
> CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> ==========================================[strong internet security]===
>
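
Added example, not part of the original thread: a shell function that runs, outside pluto, the two checks discussed above (does the private key file load with the passphrase, and does it match the certificate's public key). The function name `check_keypair`, the `KEYPASS` environment variable and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): check a key/certificate pair
# outside pluto. The passphrase is read from $KEYPASS so it never
# appears on a command line.
# Return codes (this example's own convention):
#   0 key loads and matches the certificate
#   1 a file is missing or the certificate cannot be parsed
#   2 key cannot be loaded (wrong passphrase or not a PEM private key)
#   3 key loads but belongs to a different certificate
check_keypair() {
    cert=$1
    key=$2
    KEYPASS=${KEYPASS-}
    export KEYPASS

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 1
    fi
    # Decrypt the key and derive its public half; fails on a bad passphrase.
    if ! key_pub=$(openssl pkey -in "$key" -passin env:KEYPASS -pubout 2>/dev/null); then
        echo "private key did not load: check passphrase and file format" >&2
        return 2
    fi
    if ! cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null); then
        echo "certificate did not parse" >&2
        return 1
    fi
    # Both commands emit the same PEM SubjectPublicKeyInfo when the pair matches.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "key and certificate do not match" >&2
        return 3
    fi
    echo "ok: key loads and matches certificate"
}

# Stand-alone use with the file names from the thread, run from the
# directory that holds them:
#   KEYPASS='...' sh check_keypair.sh kumar.com.pem kumar.com.key
if [ "$#" -eq 2 ]; then
    check_keypair "$1" "$2"
fi
```

Return code 3 is the mismatch case Andreas describes; codes 1 and 2 separate a missing file from a passphrase or format problem when the key fails to load.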