[Openswan Users] X-509 in openswan
kumar nani
kumar_lists at yahoo.co.in
Fri Aug 5 12:05:14 CEST 2005
Hi Andreas,
I have added the newline character at the end but still
the same problem is coming. The /var/log/messages are
showing like this
Aug 5 15:31:22 buick ipsec_setup: ...Openswan IPsec started
Aug 5 15:31:22 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
Aug 5 15:31:22 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: error loading RSA private key file
Thanks
Kumar
--- Andreas Steffen <andreas.steffen at strongsec.net>
wrote:
> The line
>
> : RSA kumar.com.key "kumar123"
>
> must be terminated with a newline character, i.e.
> a line feed to the next line.
>
> Andreas
>
> kumar nani wrote:
> > Hi Andreas,
> >
> > I have checked my log messages. I think there is some
> > error while loading my private key. See below the dump
> > of /var/log/messages
> >
> > Aug 5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
> > Aug 5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
> > Aug 5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> > Aug 5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> >
> > 2. When I am executing the command
> > "ipsec auto --rereadsecrets" then also same message
> > is coming.
> >
> > 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> >
> > My ipsec.secrets is given below.
> > --------------------------------
> > : RSA kumar.com.key "kumar123"
> >
> > Is there anything still I have to do?
> >
> > Thanks
> > Kumar
> >
> > --- Andreas Steffen <andreas.steffen at strongsec.net>
> > wrote:
> >
> >>Check your logs for error messages while loading the
> >>private key file. You can repeat the loading process
> >>by typing
> >>
> >> ipsec auto --rereadsecrets
> >>
> >>If the private key is loaded correctly but the
> >>command
> >>
> >> ipsec auto --listcerts
> >>
> >>lists your certificate without the comment
> >>
> >> ..., has private key
> >>
> >>then the public key contained in the certificate
> >>does not match the private key.
> >>
> >>Regards
> >>
> >>Andreas
> >>
> >>kumar nani wrote:
> >>
> >>>Hello Everybody,
> >>>
> >>> I have installed openswan-2.3.0 on two Redhat Linux
> >>>machines and preshared keys are working fine. I'm
> >>>trying to setup IPSec tunnel in openswan using x509
> >>>certificates, but keep getting told by openswan that
> >>>it can't find my private RSA key.
> >>>
> >>>I have used openssl for generating certificates by
> >>>following the instructions given in this webpage
> >>>
> >>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> >>>
> >>>ipsec.conf is below
> >>>--------------------
> >>>
> >>>conn kumar
> >>> type=tunnel
> >>> authby=rsasig
> >>> leftrsasigkey=%cert
> >>> rightrsasigkey=%cert
> >>> left=xxx.xxx.xxx.xxx
> >>> leftcert=kumar.com.pem
> >>> right=yyy.yyy.yyy.yyy
> >>> rightcert=nitin.com.pem
> >>> auto=add
> >>> pfs=yes
> >>>
> >>>My ipsec.secrets
> >>>-----------------
> >>>: RSA kumar.com.key "kumar123"
> >>>
> >>>When I attempt to bring up the connection, it fails,
> >>>claiming that it cannot find my RSA key.
> >>>
> >>>/usr/local/sbin/ipsec auto --up naveen
> >>>
> >>>104 "kumar" #1: STATE_MAIN_I1: initiate
> >>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
> >>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> >>>003 "kumar" #1: unable to locate my private key for RSA Signature
> >>>224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> >>>
> >>>If anyone has a suggestion that might help me to solve
> >>>this problem, I'd appreciate it greatly.
> >>>
> >>>
> >>>** Kumar **
> >>
> >>=======================================================================
> >>Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> >>strongSec GmbH                    home:   http://www.strongsec.com
> >>Alter Zürichweg 20                phone:  +41 1 730 80 64
> >>CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> >>==========================================[strong internet security]===
> --
> =======================================================================
=== message truncated ===
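
The two checks discussed in this thread (the `: RSA` entry ending in a newline, and the private key matching the certificate's public key), as an added example that is not part of the original messages. The function names, the file paths passed as arguments and the `KEY_PASSPHRASE` environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are supplied by the caller;
# the passphrase is read from the exported variable KEY_PASSPHRASE so that it
# does not appear on a command line.

# 0 if the file is non-empty and its last byte is a newline, as required for
# the ": RSA <keyfile> <passphrase>" entry in ipsec.secrets.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Compare the RSA modulus of a certificate and a private key.
# Returns 0 = match, 1 = mismatch, 2 = certificate unreadable,
# 3 = key unreadable (wrong passphrase, bad format, missing file).
key_matches_cert() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    key_mod=$(openssl rsa -in "$2" -passin env:KEY_PASSPHRASE \
        -noout -modulus 2>/dev/null) || return 3
    [ "$cert_mod" = "$key_mod" ]
}

# Run both checks and report in terms of the two symptoms in the thread.
check_x509_setup() {   # args: secrets-file cert-file key-file
    ends_with_newline "$1" || { echo "$1: last line has no trailing newline"; return 1; }
    rc=0
    key_matches_cert "$2" "$3" || rc=$?
    case $rc in
        0) echo "OK: key loads and matches the certificate" ;;
        1) echo "key loads but does not match the certificate (no 'has private key')" ;;
        2) echo "cannot read certificate $2" ;;
        3) echo "cannot load key $3 (compare: 'error loading RSA private key file')" ;;
    esac
    return "$rc"
}

# Usage: KEY_PASSPHRASE=... sh check.sh <ipsec.secrets> <cert.pem> <key.pem>
if [ "$#" -eq 3 ]; then
    check_x509_setup "$@"
fi
```
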