[Openswan Users] X-509 in openswan
Andreas Steffen
andreas.steffen at strongsec.net
Fri Aug 5 12:06:59 CEST 2005
The line
: RSA kumar.com.key "kumar123"
must be terminated with a newline character, i.e.
a line feed to the next line.
Andreas
kumar nani wrote:
> Hi Andreas,
>
> I have checked my log messages. I think there is some
> error while loading my private key. See below the dump
> of /var/log/messages
>
> Aug 5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on
> eth0 192.168.1.124/255.255.255.0 broadcast
> 192.168.1.255
> Aug 5 12:24:31 buick ipsec_setup: ...Openswan IPsec
> started
> Aug 5 12:24:31 buick ipsec_setup: Starting Openswan
> IPsec cvs2002Mar12_05:49:03...
> Aug 5 12:24:31 buick ipsec__plutorun: 003
> "/etc/ipsec.secrets" line 1: error loading RSA private
> key file
>
> 2. When I execute the command
> "ipsec auto --rereadsecrets", the same message
> also appears.
>
> 003 "/etc/ipsec.secrets" line 1: error loading RSA
> private key file
>
> My ipsec.secrets is given below.
> --------------------------------
> : RSA kumar.com.key "kumar123"
>
> Is there anything I still have to do?
>
> Thanks
> Kumar
>
> --- Andreas Steffen <andreas.steffen at strongsec.net>
> wrote:
>
>
>>Check your logs for error messages while loading the
>>private key file. You can repeat the loading process
>>by typing
>>
>> ipsec auto --rereadsecrets
>>
>>If the private key is loaded correctly but the command
>>
>> ipsec auto --listcerts
>>
>>lists your certificate without the comment
>>
>> ..., has private key
>>
>>then the public key contained in the certificate does
>>not match the private key.
>>
>>Regards
>>
>>Andreas
>>
>>kumar nani wrote:
>>
>>>Hello Everybody,
>>>
>>> I have installed openswan-2.3.0 on two Redhat Linux
>>>machines and preshared keys are working fine. I'm
>>>trying to setup IPSec tunnel in openswan using x509
>>>certificates, but keep getting told by openswan that
>>>it can't find my private RSA key.
>>>
>>>I have used openssl for generating certificates by
>>>following the instructions given in this webpage
>>>
>>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
>>>
>>>ipsec.conf is below
>>>--------------------
>>>
>>>conn kumar
>>> type=tunnel
>>> authby=rsasig
>>> leftrsasigkey=%cert
>>> rightrsasigkey=%cert
>>> left=xxx.xxx.xxx.xxx
>>> leftcert=kumar.com.pem
>>> right=yyy.yyy.yyy.yyy
>>> rightcert=nitin.com.pem
>>> auto=add
>>> pfs=yes
>>>
>>>My ipsec.secrets
>>>-----------------
>>>: RSA kumar.com.key "kumar123"
>>>
>>>When I attempt to bring up the connection, it fails,
>>>claiming that it cannot find my RSA key.
>>>
>>>/usr/local/sbin/ipsec auto --up naveen
>>>
>>>104 "kumar" #1: STATE_MAIN_I1: initiate
>>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
>>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>>>003 "kumar" #1: unable to locate my private key for RSA Signature
>>>224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
>>>
>>>If anyone has a suggestion that might help me to solve
>>>this problem, I'd appreciate it greatly.
>>>
>>>
>>>** Kumar **
>>
>>=======================================================================
>>Andreas Steffen e-mail: andreas.steffen at strongsec.com
>>strongSec GmbH home: http://www.strongsec.com
>>Alter Zürichweg 20 phone: +41 1 730 80 64
>>CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
>>==========================================[strong internet security]===
--
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
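
The two checks discussed in this thread, as an added example that is not part of the original messages or of Openswan: whether ipsec.secrets ends with a newline, and whether a private key matches the public key in a certificate. The function names and the use of openssl's modulus comparison are choices made for this example; all file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths come from the caller.

# Succeeds if the file's last byte is a newline. Command substitution strips
# a trailing newline, so an empty result means the last line is terminated.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Prints the key file named by each ': RSA <file> "<passphrase>"' entry
# (inline ': RSA {' key blocks are skipped).
rsa_key_files() {
    awk '$1 == ":" && $2 == "RSA" && $3 != "{" { print $3 }' "$1"
}

# Succeeds if the private key ($1) and certificate ($2) share one RSA modulus.
# Returns 2 if either file cannot be parsed. openssl asks for the passphrase
# itself when the key is encrypted, so it is never put on the command line.
key_matches_cert() {
    key_mod=$(openssl rsa -noout -modulus -in "$1") || return 2
    cert_mod=$(openssl x509 -noout -modulus -in "$2") || return 2
    [ "$key_mod" = "$cert_mod" ]
}

# Constructed sample: the entry from the thread, written without a final
# newline, in a temporary directory.
demo_dir=$(mktemp -d)
printf ': RSA kumar.com.key "kumar123"' > "$demo_dir/ipsec.secrets"

for f in $(rsa_key_files "$demo_dir/ipsec.secrets"); do
    echo "entry references key file: $f"
done

if ! ends_with_newline "$demo_dir/ipsec.secrets"; then
    echo "last line is unterminated; appending a newline"
    echo >> "$demo_dir/ipsec.secrets"
fi
if ends_with_newline "$demo_dir/ipsec.secrets"; then
    echo "file now ends with a newline"
fi
rm -rf "$demo_dir"
```

For the pair in this thread, key_matches_cert would be called with the full paths of kumar.com.key and kumar.com.pem.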