[Openswan Users] X-509 in openswan

kumar nani kumar_lists at yahoo.co.in
Fri Aug 5 12:05:14 CEST 2005


Hi Andreas,

I have added the newline character at the end but still
the same problem is coming. The /var/log/messages are
showing like this:

Aug  5 15:31:22 buick ipsec_setup: ...Openswan IPsec started
Aug  5 15:31:22 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
Aug  5 15:31:22 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: error loading RSA private key file

Thanks 
Kumar

--- Andreas Steffen <andreas.steffen at strongsec.net> wrote:

> The line
> 
> : RSA kumar.com.key "kumar123"
> 
> must be terminated with a newline character, i.e.
> a line feed to the next line.
> 
> Andreas
> 
> kumar nani wrote:
> > Hi Andreas,
> > 
> > I have checked my log messages. I think there is some
> > error while loading my private key. See below the dump
> > of /var/log/messages
> > 
> > Aug  5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
> > Aug  5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
> > Aug  5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> > Aug  5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> > 
> > 2. When I am executing the command
> >  "ipsec auto --rereadsecrets" then also same message
> > is coming.
> > 
> > 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> > 
> > My ipsec.secrets is given below.
> > --------------------------------
> > : RSA kumar.com.key "kumar123"
> > 
> > Is there anything I still have to do?
> > 
> > Thanks 
> > Kumar
> > 
> > --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
> > 
> > 
> >>Check your logs for error messages while loading the
> >>private key file. You can repeat the loading process
> >>by typing
> >>
> >>   ipsec auto --rereadsecrets
> >>
> >>If the private key is loaded correctly but the command
> >>
> >>   ipsec auto --listcerts
> >>
> >>lists your certificate without the comment
> >>
> >>   ..., has private key
> >>
> >>then the public key contained in the certificate does
> >>not match the private key.
> >>
> >>Regards
> >>
> >>Andreas
> >>
> >>kumar nani wrote:
> >>
> >>>Hello Everybody,
> >>>
> >>> I have installed openswan-2.3.0 on two Redhat Linux
> >>>machines and preshared keys are working fine. I'm
> >>>trying to setup IPSec tunnel in openswan using x509
> >>>certificates, but keep getting told by openswan that
> >>>it can't find my private RSA key.
> >>>
> >>>I have used openssl for generating certificates by
> >>>following the instructions given in this webpage
> >>>
> >>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> >>>
> >>>ipsec.conf is below
> >>>--------------------
> >>>conn kumar
> >>>        type=tunnel
> >>>        authby=rsasig
> >>>        leftrsasigkey=%cert
> >>>        rightrsasigkey=%cert
> >>>        left=xxx.xxx.xxx.xxx
> >>>        leftcert=kumar.com.pem
> >>>        right=yyy.yyy.yyy.yyy
> >>>        rightcert=nitin.com.pem
> >>>        auto=add
> >>>        pfs=yes
> >>>
> >>>My ipsec.secrets
> >>>-----------------
> >>>: RSA kumar.com.key "kumar123"
> >>>
> >>>When I attempt to bring up the connection, it fails,
> >>>claiming that it cannot find my RSA key.
> >>>
> >>>/usr/local/sbin/ipsec auto --up naveen
> >>>
> >>>104 "kumar" #1: STATE_MAIN_I1: initiate
> >>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
> >>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> >>>003 "kumar" #1: unable to locate my private key for RSA Signature
> >>>224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> >>>
> >>>If anyone has a suggestion that might help me to solve
> >>>this problem, I'd appreciate it greatly.
> >>>
> >>>
> >>>** Kumar **
> >>
> >>=======================================================================
> >>Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> >>strongSec GmbH                    home:   http://www.strongsec.com
> >>Alter Zürichweg 20                phone:  +41 1 730 80 64
> >>CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> >>==========================================[strong internet security]===
> 
> 
> -- 
> =======================================================================
=== message truncated ===
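
Added example, not part of the thread and not Openswan's own tooling: a pre-flight check for the two causes discussed above, an `ipsec.secrets` entry that is not newline-terminated and a private key that does not load or does not match the certificate. It assumes `openssl` is installed and that relative key names resolve under `/etc/ipsec.d/private`; the function names and the `KEYPASS` variable are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks for ': RSA <file> "<passphrase>"' entries.
# Assumption: relative key file names live in /etc/ipsec.d/private.
PRIVATE_DIR=${PRIVATE_DIR:-/etc/ipsec.d/private}

# True only if the file is non-empty and its last byte is a line feed.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Print the key file name of every RSA entry that references a file.
rsa_key_files() {
    sed -n 's/^[^#]*:[[:space:]]*RSA[[:space:]]\{1,\}\([^[:space:]{"]\{1,\}\).*$/\1/p' "$1"
}

# Compare the RSA modulus of a private key and a certificate.
# The passphrase comes from $KEYPASS so it never shows up in argv.
key_matches_cert() {
    export KEYPASS="${KEYPASS:-}"
    k=$(openssl rsa -noout -modulus -in "$1" -passin env:KEYPASS 2>/dev/null) || return 2
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 3
    [ "$k" = "$c" ]
}

# Run every check for one secrets file against one certificate.
check_secrets() {
    secrets=$1; cert=$2; rc=0
    ends_with_newline "$secrets" ||
        { echo "FAIL: last line of $secrets is not newline-terminated"; rc=1; }
    for f in $(rsa_key_files "$secrets"); do
        case $f in /*) path=$f ;; *) path=$PRIVATE_DIR/$f ;; esac
        if [ ! -r "$path" ]; then echo "FAIL: cannot read $path"; rc=1; continue; fi
        if key_matches_cert "$path" "$cert"; then echo "OK: $path matches $cert"
        else echo "FAIL: $path did not load or does not match $cert"; rc=1; fi
    done
    return "$rc"
}

if [ "$#" -ge 2 ]; then
    check_secrets "$1" "$2"
else
    # Constructed demo: the entry from the thread, written without a final newline.
    d=$(mktemp -d)
    printf ': RSA kumar.com.key "kumar123"' > "$d/ipsec.secrets"
    ( PRIVATE_DIR=$d; check_secrets "$d/ipsec.secrets" "$d/kumar.com.pem" ) || true
    rm -rf "$d"
fi
```

Called with a secrets file and a certificate path as arguments, and with `KEYPASS` exported in the environment, it checks the real files instead of the constructed demo.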



		