[Openswan Users] no RSA public key
Salvatore
sasa at shoponweb.it
Tue Jun 26 04:33:23 EDT 2007
...can I add some information about the key: when I generate a new key I have:
#ipsec showhostkey --left
hostname: Unknown host
#RSA 2192 bits host122-bla.it Mon Jun...
leftrsasigkey=0sAQOSd...
...why do I always have "hostname: Unknown host"? Could this be my problem
with the RSA public key?
Thanks.
------
Salvatore.
----- Original Message -----
From: "Salvatore" <sasa at shoponweb.it>
To: <users at openswan.org>
Sent: Monday, June 25, 2007 5:26 PM
Subject: [Openswan Users] no RSA public key
> Hi, I have a problem with openswan-2.4.7 and a site-to-site connection; my
> ipsec.conf is:
>
> config setup
>     interfaces="ipsec0=eth0"
> conn %default
>     esp=3des-md5
>     rekey=no
> conn afra-aquila
>     auto=start
>     authby=rsasig
>     pfs=yes
>     # left site
>     left=82.104.xxx.xxx
>     leftsubnet=172.16.0.0/24
>     leftnexthop=82.104.xxx.xxy
>     # RSA 2192 bits host122-bla.it Mon Jun 25 16:41:02 2007
>     leftrsasigkey=0sAQOSd...
>     # right site
>     right=79.5.yyy.yyy
>     rightsubnet=10.0.0.0/24
>     rightnexthop=79.5.yyy.yyx
>     # RSA 2192 bits host90bla.it Mon Jun 25 16:42:41 2007
>     rightrsasigkey=0sAQOZ74bR....
>
> ...in the log file I have (on both sides):
>
> Jun 25 17:04:28 fw1 pluto[8083]: "afra-aquila" #2: sending encrypted notification INVALID_KEY_INFORMATION to 79.5.yyy.yyy:500
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #1: starting keying attempt 2 of an unlimited number
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: initiating Main Mode to replace #1
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: received Vendor ID payload [Openswan (this version) 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: received Vendor ID payload [Dead Peer Detection]
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: STATE_MAIN_I2: sent MI2, expecting MR2
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: I did not send a certificate because I do not have one.
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: STATE_MAIN_I3: sent MI3, expecting MR3
> Jun 25 17:04:44 fw1 pluto[8083]: "afra-aquila" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
> Jun 25 17:04:44 fw1 pluto[8083]: "afra-aquila" #3: received and ignored informational message
> Jun 25 17:04:53 fw1 pluto[8083]: "afra-aquila" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
> Jun 25 17:04:53 fw1 pluto[8083]: "afra-aquila" #3: received and ignored informational message
> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: Main mode peer ID is ID_IPV4_ADDR: '79.5.yyy.yyy'
> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: Main mode peer ID is ID_IPV4_ADDR: '79.5.yyy.yyy'
> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for 79.5.yyy.yyy.in-addr.arpa.)
>
> I generated the keys this way:
>
> #ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets
>
> Thanks.
>
> ------
> Salvatore.
>
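
An added example, not part of the original message and not Openswan code: a small Python triage of pluto log lines in the format quoted above. Per connection, it collects the peer ID pluto logged, the ID for which it reported no RSA public key, and the INVALID_KEY_INFORMATION notifications sent and received. The sample log is constructed from the quoted lines (one event per line, placeholder addresses kept); the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: pluto log lines in the format quoted in the message above,
# one event per line (addresses are the placeholders used in the message).
SAMPLE_LOG = """\
Jun 25 17:04:28 fw1 pluto[8083]: "afra-aquila" #2: sending encrypted notification INVALID_KEY_INFORMATION to 79.5.yyy.yyy:500
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 25 17:04:44 fw1 pluto[8083]: "afra-aquila" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: Main mode peer ID is ID_IPV4_ADDR: '79.5.yyy.yyy'
Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for 79.5.yyy.yyy.in-addr.arpa.)
"""

# "<conn name>" #<state number>: <message>, as pluto prefixes each event.
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (\w+): '([^']+)'")
NO_KEY = re.compile(r"no RSA public key known for '([^']+)'")


def triage(log_text):
    """Summarise RSA authentication failures per connection name."""
    report = defaultdict(lambda: {"peer_ids": set(), "missing_key_for": set(),
                                  "sent_invalid_key": 0, "received_invalid_key": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto event
        entry, msg = report[m["conn"]], m["msg"]
        p = PEER_ID.search(msg)
        if p:
            entry["peer_ids"].add((p.group(1), p.group(2)))  # (ID type, ID value)
        k = NO_KEY.search(msg)
        if k:
            entry["missing_key_for"].add(k.group(1))
        if "INVALID_KEY_INFORMATION" in msg:
            # "sending ..." is our notification; anything else came from the peer.
            side = "sent_invalid_key" if msg.startswith("sending") else "received_invalid_key"
            entry[side] += 1
    return dict(report)


if __name__ == "__main__":
    for conn, info in triage(SAMPLE_LOG).items():
        print(conn, info)
```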