[Openswan Users] X-509 in openswan

kumar nani kumar_lists at yahoo.co.in
Fri Aug 5 12:49:09 CEST 2005


Hi Toby,

Yes, I have the key file in /etc/ipsec.d/private. I am
thinking that it may be the problem with configuring
the ipsec.secrets file.

My ipsec.secrets file
------------------------------
: RSA kumar.com.key "kumar123"

------------------------------

Thanks 
Kumar

--- Toby Chamberlain <toby at webtechservices.com.au> wrote:

> You do have the key file in /etc/ipsec.d/private,
> don't you?
> 
> >
> > Hi Andreas,
> >
> > I have added the newline character at the end but still
> > the same problem is coming. The /var/log/messages are
> > showing like this
> >
> > Aug  5 15:31:22 buick ipsec_setup: ...Openswan IPsec started
> > Aug  5 15:31:22 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> > Aug  5 15:31:22 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: error loading RSA private key file
> >
> > Thanks
> > Kumar
> >
> > --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
> >
> >> The line
> >>
> >> : RSA kumar.com.key "kumar123"
> >>
> >> must be terminated with a newline character, i.e.
> >> a line feed to the next line.
> >>
> >> Andreas
> >>
> >> kumar nani wrote:
> >> > Hi Andreas,
> >> >
> >> > I have checked my log messages. I think there is some
> >> > error while loading my private key. See below the dump
> >> > of /var/log/messages
> >> >
> >> > Aug  5 12:24:31 buick ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.124/255.255.255.0 broadcast 192.168.1.255
> >> > Aug  5 12:24:31 buick ipsec_setup: ...Openswan IPsec started
> >> > Aug  5 12:24:31 buick ipsec_setup: Starting Openswan IPsec cvs2002Mar12_05:49:03...
> >> > Aug  5 12:24:31 buick ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> >> >
> >> > 2. When I am executing the command
> >> >  "ipsec auto --rereadsecrets" then also same message
> >> > is coming.
> >> >
> >> > 003 "/etc/ipsec.secrets" line 1: error loading RSA private key file
> >> >
> >> > My ipsec.secrets is given below.
> >> > --------------------------------
> >> > : RSA kumar.com.key "kumar123"
> >> >
> >> > Is there anything still I have to do?
> >> >
> >> > Thanks
> >> > Kumar
> >> >
> >> > --- Andreas Steffen <andreas.steffen at strongsec.net> wrote:
> >> >
> >> >
> >> >>Check your logs for error messages while loading the
> >> >>private key file. You can repeat the loading process
> >> >>by typing
> >> >>
> >> >>   ipsec auto --rereadsecrets
> >> >>
> >> >>If the private key is loaded correctly but the command
> >> >>
> >> >>   ipsec auto --listcerts
> >> >>
> >> >>lists your certificate without the comment
> >> >>
> >> >>   ..., has private key
> >> >>
> >> >>then the public key contained in the certificate does
> >> >>not match the private key.
> >> >>
> >> >>Regards
> >> >>
> >> >>Andreas
> >> >>
> >> >>kumar nani wrote:
> >> >>
> >> >>>Hello Everybody,
> >> >>>
> >> >>> I have installed openswan-2.3.0 on two Redhat Linux
> >> >>>machines and preshared keys are working fine. I'm
> >> >>>trying to setup IPSec tunnel in openswan using x509
> >> >>>certificates, but keep getting told by openswan that
> >> >>>it can't find my private RSA key.
> >> >>>
> >> >>>I have used openssl for generating certificates by
> >> >>>following the instructions given in this webpage
> >> >>>
> >> >>>http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> >> >>>
> >> >>>ipsec.conf is below
> >> >>>--------------------
> >> >>>
> >> >>>conn kumar
> >> >>>        type=tunnel
> >> >>>        authby=rsasig
> >> >>>        leftrsasigkey=%cert
> >> >>>        rightrsasigkey=%cert
> >> >>>        left=xxx.xxx.xxx.xxx
> >> >>>        leftcert=kumar.com.pem
> >> >>>        right=yyy.yyy.yyy.yyy
> >> >>>        rightcert=nitin.com.pem
> >> >>>        auto=add
> >> >>>        pfs=yes
> >> >>>
> >> >>>My ipsec.secrets
> >> >>>-----------------
> >> >>>: RSA kumar.com.key "kumar123"
> >> >>>
> >> >>>When I attempt to bring up the connection, it fails,
> >> >>>claiming that it cannot find my RSA key.
> >> >>>
> >> >>>/usr/local/sbin/ipsec auto --up naveen
> >> >>>
> >> >>>104 "kumar" #1: STATE_MAIN_I1: initiate
> >> >>>003 "kumar" #1: received Vendor ID payload [Dead Peer Detection]
> >> >>>106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> >> >>>003 "kumar" #1: unable to locate my private key for RSA Signature
> >> >>>224 "kumar" #1: STATE_MAIN_I2:
> 
=== message truncated ===
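
Added example (not part of the original thread and not Openswan code): a small pre-flight check that runs the three checks raised in the replies, namely the terminating newline in ipsec.secrets, the key file being present in /etc/ipsec.d/private, and the certificate's public key matching the private key. The names `lint_secrets` and `key_matches_cert` are hypothetical; the entry layout `: RSA <file> "<passphrase>"` is taken from the posting, and the `openssl` command-line tool is assumed to be on PATH.

```python
import os
import re
import subprocess
from pathlib import Path

# ": RSA <keyfile> [passphrase]", e.g.  : RSA kumar.com.key "kumar123"
# (inline "RSA {" key blocks and comment lines are skipped)
ENTRY = re.compile(r'^[^:#]*:\s*RSA\s+([^\s{]\S*)\s*(.*)$')

def lint_secrets(secrets_path, private_dir="/etc/ipsec.d/private"):
    """Return [(line_number, problem)] for the RSA key-file entries."""
    raw = Path(secrets_path).read_bytes()
    lines = raw.decode("utf-8", "replace").split("\n")
    problems = []
    if raw and not raw.endswith(b"\n"):
        problems.append((len(lines), "last line has no terminating newline"))
    for num, line in enumerate(lines, 1):
        m = ENTRY.match(line)
        if not m:
            continue
        key = Path(private_dir) / m.group(1)  # an absolute name stays absolute
        if not key.is_file():
            problems.append((num, f"key file {key} not found"))
            continue
        pem = key.read_text(errors="replace")
        if "PRIVATE KEY-----" not in pem:
            problems.append((num, f"{key} is not a PEM private key"))
        # Traditional OpenSSL PEM marks encrypted keys "Proc-Type: 4,ENCRYPTED"
        elif "ENCRYPTED" in pem and not m.group(2).strip():
            problems.append((num, f"{key} is encrypted but no passphrase given"))
    return problems

def key_matches_cert(key_path, cert_path, passphrase=""):
    """True if the certificate and the private key share one RSA modulus."""
    # The passphrase goes through the environment, not argv, so it does not
    # show up in the process list.
    env = dict(os.environ, KEYPASS=passphrase)
    def modulus(*args):
        out = subprocess.run(["openssl", *args, "-noout", "-modulus"],
                             capture_output=True, text=True, env=env, check=True)
        return out.stdout.strip()
    return modulus("x509", "-in", str(cert_path)) == modulus(
        "rsa", "-in", str(key_path), "-passin", "env:KEYPASS")

if __name__ == "__main__":
    for num, problem in lint_secrets("/etc/ipsec.secrets"):
        print(f"/etc/ipsec.secrets line {num}: {problem}")
```
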



		