[Openswan Users] X-509 in openswan

kumar nani kumar_lists at yahoo.co.in
Fri Aug 5 10:39:34 CEST 2005


Hi Andreas,

I have checked my log messages. I think there is some
error while loading my private key. See below the dump
of /var/log/messages

Aug  5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
Aug  5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
Aug  5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
Aug  5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file

2. When I execute the command
 "ipsec auto --rereadsecrets", the same message also
appears.

003 "/etc/ipsec.secrets" line 1: error loading RSA private key file

My ipsec.secrets is given below.
--------------------------------
: RSA kumar.com.key "kumar123"

Is there anything I still have to do?

Thanks 
Kumar

--- Andreas Steffen <andreas.steffen at strongsec.net> wrote:

> Check your logs for error messages while loading the
> private key file. You can repeat the loading process
> by typing
> 
>    ipsec auto --rereadsecrets
> 
> If the private key is loaded correctly but the command
> 
>    ipsec auto --listcerts
> 
> lists your certificate without the comment
> 
>    ..., has private key
> 
> then the public key contained in the certificate does
> not match the private key.
> 
> Regards
> 
> Andreas
> 
> kumar nani wrote:
> > Hello Everybody,
> > 
> >  I have installed openswan-2.3.0 on two Redhat Linux
> > machines and preshared keys are working fine. I'm
> > trying to set up IPSec tunnel in openswan using x509
> > certificates, but keep getting told by openswan that
> > it can't find my private RSA key.
> > 
> > I have used openssl for generating certificates by
> > following the instructions given in this webpage
> > 
> > http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> > 
> > 
> > ipsec.conf is below
> > --------------------
> > 
> > conn kumar
> >         type=tunnel
> >         authby=rsasig
> >         leftrsasigkey=%cert
> >         rightrsasigkey=%cert
> >         left=xxx.xxx.xxx.xxx
> >         leftcert=kumar.com.pem
> >         right=yyy.yyy.yyy.yyy
> >         rightcert=nitin.com.pem
> >         auto=add
> >         pfs=yes
> >                
> > My ipsec.secrets
> > -----------------
> > : RSA kumar.com.key "kumar123"
> > 
> > When I attempt to bring up the connection, it fails,
> > claiming that it cannot find my RSA key.
> > 
> > /usr/local/sbin/ipsec auto --up naveen
> > 
> > 104 "kumar" #1: STATE_MAIN_I1: initiate
> > 003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
> > 106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > 003 "kumar" #1: unable to locate my private key for RSA Signature
> > 224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> > 
> > 
> > If anyone has a suggestion that might help me to solve
> > this problem, I'd appreciate it greatly.
> > 
> > 
> > ** Kumar **
> 
> =======================================================================
> Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> strongSec GmbH                    home:   http://www.strongsec.com
> Alter Zürichweg 20                phone:  +41 1 730 80 64
> CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> ==========================================[strong internet security]===
> 
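
The two cases Andreas distinguishes (the key file does not load at all, or it loads but the certificate holds a different public key) can be told apart outside pluto with the openssl CLI. This is an added example, not part of the original thread; `check_rsa_pair` and its return codes are names made up here, and the key and certificate paths are whatever you pass in.

```shell
#!/bin/sh
# Added example: separates "key file cannot be loaded" from
# "key loads but does not belong to this certificate".
# check_rsa_pair and its return codes are hypothetical names, not Openswan's.
#
# check_rsa_pair KEYFILE CERTFILE [PASSPHRASE]
#   0 = key loads and matches the certificate
#   1 = key file unreadable, not an RSA key, or wrong passphrase
#   2 = certificate cannot be parsed
#   3 = key loads, but the certificate holds a different public key
check_rsa_pair() {
    key=$1
    cert=$2
    pass=${3-}

    if [ ! -r "$key" ]; then
        echo "cannot read key file: $key"
        return 1
    fi

    # The passphrase goes to openssl through the environment (-passin env:),
    # so it does not show up in the process list. It is ignored for
    # unencrypted keys, and a wrong one fails instead of prompting.
    if ! kmod=$(KEYPASS=$pass openssl rsa -in "$key" -passin env:KEYPASS \
                    -noout -modulus 2>/dev/null); then
        echo "key does not load (wrong passphrase or not an RSA key): $key"
        return 1
    fi

    if ! cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null); then
        echo "cannot parse certificate: $cert"
        return 2
    fi

    # Both commands print "Modulus=<hex>"; equal moduli mean the same key pair.
    if [ "$kmod" = "$cmod" ]; then
        echo "key matches certificate"
        return 0
    fi
    echo "key loads but does not match the certificate"
    return 3
}

# Command-line use: passphrase is read from $KEYPASS, not from argv.
if [ "$#" -ge 2 ]; then
    check_rsa_pair "$1" "$2" "${KEYPASS-}"
fi
```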



		

