[Openswan Users] X-509 in openswan

Andreas Steffen andreas.steffen at strongsec.net
Fri Aug 5 12:06:59 CEST 2005


The line

: RSA kumar.com.key "kumar123"

must be terminated with a newline character, i.e.
a line feed to the next line.

Andreas

kumar nani wrote:
> Hi Andreas,
> 
> I have checked my log messages. I think there is some
> error while loading my private key. See below the dump
> of /var/log/messages
> 
> Aug  5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
> Aug  5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
> Aug  5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> Aug  5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> 
> 2. When I execute the command
>  "ipsec auto --rereadsecrets", the same message
> also comes up.
> 
> 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> 
> My ipsec.secrets is given below.
> --------------------------------
> : RSA kumar.com.key "kumar123"
> 
> Is there anything I still have to do?
> 
> Thanks 
> Kumar
> 
> --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
> 
>>Check your logs for error messages while loading the
>>private key file. You can repeat the loading process
>>by typing
>>
>>   ipsec auto --rereadsecrets
>>
>>If the private key is loaded correctly but the command
>>
>>   ipsec auto --listcerts
>>
>>lists your certificate without the comment
>>
>>   ..., has private key
>>
>>then the public key contained in the certificate does
>>not match the private key.
>>
>>Regards
>>
>>Andreas
>>
>>kumar nani wrote:
>>
>>>Hello Everybody,
>>>
>>> I have installed openswan-2.3.0 on two Redhat Linux
>>>machines and preshared keys are working fine. I'm
>>>trying to setup IPSec tunnel in openswan using x509
>>>certificates, but keep getting told by openswan that
>>>it can't find my private RSA key.
>>>
>>>I have used openssl for generating certificates by
>>>following the instructions given in this webpage
>>>
>>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
>>>
>>>ipsec.conf is below
>>>--------------------
>>>conn kumar
>>>        type=tunnel
>>>        authby=rsasig
>>>        leftrsasigkey=%cert
>>>        rightrsasigkey=%cert
>>>        left=xxx.xxx.xxx.xxx
>>>        leftcert=kumar.com.pem
>>>        right=yyy.yyy.yyy.yyy
>>>        rightcert=nitin.com.pem
>>>        auto=add
>>>        pfs=yes
>>>
>>>My ipsec.secrets
>>>-----------------
>>>: RSA kumar.com.key "kumar123"
>>>
>>>When I attempt to bring up the connection, it fails,
>>>claiming that it cannot find my RSA key.
>>>
>>>/usr/local/sbin/ipsec auto --up naveen
>>>
>>>104 "kumar" #1: STATE_MAIN_I1: initiate
>>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
>>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>>>003 "kumar" #1: unable to locate my private key for RSA Signature
>>>224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
>>>
>>>If anyone has a suggestion that might help me to solve
>>>this problem, I'd appreciate it greatly.
>>>
>>>
>>>** Kumar **
>>
>>
>>=======================================================================
>>Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
>>strongSec GmbH                    home:   http://www.strongsec.com
>>Alter Zürichweg 20                phone:  +41 1 730 80 64
>>CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
>>==========================================[strong internet security]===


-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
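
The two failure modes discussed in this thread (a secrets line that is not newline-terminated, and a certificate whose public key does not match the private key) can be checked before pluto rereads its secrets. The script below is an added example, not part of the original messages or of Openswan; the function names, the `KEY_PASS` environment variable and the file arguments are assumptions.

```shell
#!/bin/sh
# Added example (not Openswan code): pre-flight checks for an RSA entry in
# ipsec.secrets. Function names and the KEY_PASS variable are assumptions.

# 0 if the last byte of file $1 is a newline; 1 if not, or if the file is empty.
ends_with_newline() {
    [ -s "$1" ] || return 1
    # $(...) strips a trailing newline, so an empty result means the byte was "\n".
    [ -z "$(tail -c 1 "$1")" ]
}

# Print the key file named by each ': RSA <file> ...' entry in secrets file $1.
rsa_key_files() {
    sed -n 's/^[^#]*:[[:space:]]*RSA[[:space:]][[:space:]]*\([^[:space:]"]*\).*/\1/p' "$1"
}

# 0 if certificate $1 and private key $2 hold the same public key, 1 if they
# differ, 2 if either file cannot be read. The key passphrase, if any, is taken
# from the environment variable KEY_PASS so it never appears in the process list.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(KEY_PASS="${KEY_PASS-}" openssl pkey -in "$2" \
              -passin env:KEY_PASS -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check-secrets.sh <secrets-file> [<cert.pem> <key.pem>]
if [ "$#" -ge 1 ]; then
    ends_with_newline "$1" || echo "$1: last line is not newline-terminated"
    rsa_key_files "$1" | while read -r f; do
        echo "$1: RSA entry references key file $f"
    done
    if [ "$#" -eq 3 ]; then
        case $(key_matches_cert "$2" "$3"; echo $?) in
            0) echo "certificate and private key match" ;;
            1) echo "certificate and private key do NOT match" ;;
            *) echo "could not read certificate or key" ;;
        esac
    fi
fi
```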

