[Openswan Users] X-509 in openswan

Toby Chamberlain toby at webtechservices.com.au
Fri Aug 5 21:37:57 CEST 2005


You do have the key file in /etc/ipsec.d/private don't you?

>
> Hi Andreas,
>
> I have added the newline character at the end but still
> the same problem is coming. The /var/log/messages are
> showing like this
>
> Aug  5 15:31:22 buick ipsec_setup: ...Openswan IPsec started
> Aug  5 15:31:22 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> Aug  5 15:31:22 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: error loading RSA private key file
>
> Thanks
> Kumar
>
> --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
>
>> The line
>>
>> : RSA kumar.com.key "kumar123"
>>
>> must be terminated with a newline character, i.e.
>> a line feed to the next line.
>>
>> Andreas
>>
>> kumar nani wrote:
>> > Hi Andreas,
>> >
>> > I have checked my log messages. I think there is some
>> > error while loading my private key. See below the dump
>> > of /var/log/messages
>> >
>> > Aug  5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
>> > Aug  5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
>> > Aug  5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
>> > Aug  5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
>> >
>> > 2. When I am executing the command
>> >  "ipsec auto --rereadsecrets" then also same message
>> > is coming.
>> >
>> > 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
>> >
>> > My ipsec.secrets is given below.
>> > --------------------------------
>> > : RSA kumar.com.key "kumar123"
>> >
>> > Is there anything I still have to do?
>> >
>> > Thanks
>> > Kumar
>> >
>> > --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
>> >
>> >
>> >>Check your logs for error messages while loading the
>> >>private key file. You can repeat the loading process
>> >>by typing
>> >>
>> >>   ipsec auto --rereadsecrets
>> >>
>> >>If the private key is loaded correctly but the command
>> >>
>> >>   ipsec auto --listcerts
>> >>
>> >>lists your certificate without the comment
>> >>
>> >>   ..., has private key
>> >>
>> >>then the public key contained in the certificate does
>> >>not match the private key.
>> >>
>> >>Regards
>> >>
>> >>Andreas
>> >>
>> >>kumar nani wrote:
>> >>
>> >>>Hello Everybody,
>> >>>
>> >>> I have installed openswan-2.3.0 on two Redhat Linux
>> >>>machines and preshared keys are working fine. I'm
>> >>>trying to setup IPSec tunnel in openswan using x509
>> >>>certificates, but keep getting told by openswan that
>> >>>it can't find my private RSA key.
>> >>>
>> >>>I have used openssl for generating certificates by
>> >>>following the instructions given in this webpage
>> >>>
>> >>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
>> >>>
>> >>>ipsec.conf is below
>> >>>--------------------
>> >>>
>> >>>conn kumar
>> >>>        type=tunnel
>> >>>        authby=rsasig
>> >>>        leftrsasigkey=%cert
>> >>>        rightrsasigkey=%cert
>> >>>        left=xxx.xxx.xxx.xxx
>> >>>        leftcert=kumar.com.pem
>> >>>        right=yyy.yyy.yyy.yyy
>> >>>        rightcert=nitin.com.pem
>> >>>        auto=add
>> >>>        pfs=yes
>> >>>
>> >>>My ipsec.secrets
>> >>>-----------------
>> >>>: RSA kumar.com.key "kumar123"
>> >>>
>> >>>When I attempt to bring up the connection, it fails,
>> >>>claiming that it cannot find my RSA key.
>> >>>
>> >>>/usr/local/sbin/ipsec auto --up naveen
>> >>>
>> >>>104 "kumar" #1: STATE_MAIN_I1: initiate
>> >>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
>> >>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> >>>003 "kumar" #1: unable to locate my private key for RSA Signature
>> >>>224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
>> >>>
>> >>>If anyone has a suggestion that might help me to solve
>> >>>this problem, I'd appreciate it greatly.
>> >>>
>> >>>
>> >>>** Kumar **
>> >>
>> >>=======================================================================
>> >>Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
>> >>strongSec GmbH                    home:   http://www.strongsec.com
>> >>Alter Zürichweg 20                phone:  +41 1 730 80 64
>> >>CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
>> >>==========================================[strong internet security]===
>> >>
>>
>>
>> -- 
>>
> =======================================================================
>>
> === message truncated ===
>
>
>
>
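
Added example, not part of the original thread and not Openswan's own code: a pre-flight script for the three causes raised above (the ": RSA" line lacking a final newline, the key file not being in /etc/ipsec.d/private, and a certificate whose public key does not match the private key). The function names and the KEY_PASSPHRASE variable are hypothetical, and the certificate path is whatever the caller passes in.

```shell
#!/bin/sh
# Added example: pre-flight checks for ": RSA <keyfile> <passphrase>" entries.
# The default private-key directory is the one named in the reply above;
# all function names and KEY_PASSPHRASE are illustrative assumptions.

# True when the file is non-empty and its last byte is a line feed.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Print the key file named by each ": RSA <file> ..." entry (inline "{" keys skipped).
secrets_rsa_keyfiles() {
    awk '{ for (i = 1; i + 2 <= NF; i++)
             if ($i == ":" && $(i+1) == "RSA" && $(i+2) != "{") {
                 f = $(i+2); gsub(/"/, "", f); print f } }' "$1"
}

# Relative names are looked up in the private-key directory; absolute paths are kept.
resolve_key_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "${2:-/etc/ipsec.d/private}" "$1" ;;
    esac
}

# True when certificate ($1) and private key ($2) carry the same RSA modulus.
# For an encrypted key, export KEY_PASSPHRASE so the passphrase never appears in argv.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2" \
        ${KEY_PASSPHRASE:+-passin env:KEY_PASSPHRASE} 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Report every problem found; return non-zero if there is at least one.
check_secrets() {
    secrets=$1 keydir=${2:-/etc/ipsec.d/private} rc=0
    ends_with_newline "$secrets" || { echo "$secrets: last line has no newline"; rc=1; }
    for name in $(secrets_rsa_keyfiles "$secrets"); do
        keypath=$(resolve_key_path "$name" "$keydir")
        [ -r "$keypath" ] || { echo "$keypath: key file missing or unreadable"; rc=1; }
    done
    return $rc
}

# Usage: sh check.sh /etc/ipsec.secrets [private-key-dir]
if [ "$#" -gt 0 ]; then check_secrets "$@"; fi
```

Run cert_matches_key separately with the certificate named in leftcert= and the resolved key path; a mismatch there corresponds to "ipsec auto --listcerts" showing the certificate without "has private key".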


