[Openswan Users] no RSA public key

Peter McGill petermcgill at goco.net
Tue Jun 26 09:01:17 EDT 2007


> -----Original Message-----
> Date: Mon, 25 Jun 2007 17:26:12 +0200
> From: "Salvatore" <sasa at shoponweb.it>
> Subject: [Openswan Users] no RSA public key
> To: <users at openswan.org>
> 
> Hi, I have a problem with openswan-2.4.7 and a site-to-site connection; my ipsec.conf is:
> 
> config setup
>     interfaces="ipsec0=eth0"
> conn %default
>     esp=3des-md5
>     rekey=no
> conn afra-aquila
>     auto=start
>     authby=rsasig
>     pfs=yes
>     #sede left
>     left=82.104.xxx.xxx
>     leftsubnet=172.16.0.0/24
>     leftnexthop=82.104.xxx.xxy
>     # RSA 2192 bits   host122-bla.it   Mon Jun 25 16:41:02 2007
>     leftrsasigkey=0sAQOSd...
>     #sede right
>     right=79.5.yyy.yyy
>     rightsubnet=10.0.0.0/24
>     rightnexthop=79.5.yyy.yyx
>     # RSA 2192 bits   host90bla.it   Mon Jun 25 16:42:41 2007
>     rightrsasigkey=0sAQOZ74bR....
> 
> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known 
> for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for 
> 79.5.yyy.yyy.in-addr.arpa.)
> 
> I generated the keys like this:
> 
> #ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets

It looks like it's trying to use opportunistic encryption.
Add this to your conf.

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

It's already in the default conf, but you may have to uncomment the second line.

Peter
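An added example, not from this thread or from the Openswan project: a small Python linter for ipsec.conf that checks the two things the reply above turns on, whether the `no_oe.conf` include is present and uncommented, and whether every `authby=rsasig` connection actually carries both `leftrsasigkey` and `rightrsasigkey` (merging `conn %default`). The sample configuration is constructed from the redacted one posted in the question, with a second, deliberately incomplete connection added to show a missing key being caught; the parser is lenient about indentation because mail clients often strip it, as happened in the quoted config.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the redacted ipsec.conf from the thread.
# The no_oe include is commented out and "branch-two" lacks a right key.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0"
# Disable Opportunistic Encryption
# include /etc/ipsec.d/examples/no_oe.conf
conn %default
    esp=3des-md5
    rekey=no
conn afra-aquila
    auto=start
    authby=rsasig
    pfs=yes
    left=82.104.xxx.xxx
    leftsubnet=172.16.0.0/24
    leftrsasigkey=0sAQOSd...
    right=79.5.yyy.yyy
    rightsubnet=10.0.0.0/24
    rightrsasigkey=0sAQOZ74bR....
conn branch-two
    authby=rsasig
    left=82.104.xxx.xxx
    leftrsasigkey=0sAQOSd...
    right=79.5.zzz.zzz
"""

# Same config with the include enabled and the missing key supplied (placeholder value).
FIXED_CONF = SAMPLE_CONF.replace("# include /etc", "include /etc") + "    rightrsasigkey=0sAQOplaceholder...\n"

NO_OE_INCLUDE = "/etc/ipsec.d/examples/no_oe.conf"

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")
INCLUDE_RE = re.compile(r"^include\s+(\S+)\s*$")
KV_RE = re.compile(r"^([A-Za-z][\w-]*)\s*=\s*(.*)$")


def parse_ipsec_conf(text: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Return ({'conn NAME' or 'config setup': {key: value}}, [included paths]).

    Comment-only and blank lines are ignored, and parameters are accepted
    with or without the indentation ipsec.conf normally requires.
    """
    sections: Dict[str, Dict[str, str]] = {}
    includes: List[str] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing/whole-line comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            sections.setdefault(current, {})
            continue
        m = INCLUDE_RE.match(line)
        if m:
            includes.append(m.group(1))
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip().strip('"')
    return sections, includes


def audit(text: str) -> List[str]:
    """Flag the misconfigurations that produce 'no RSA public key known for ...'."""
    sections, includes = parse_ipsec_conf(text)
    findings: List[str] = []
    if NO_OE_INCLUDE not in includes:
        findings.append("opportunistic encryption not disabled: "
                        f"'include {NO_OE_INCLUDE}' is missing or commented out")
    defaults = sections.get("conn %default", {})
    for name, params in sections.items():
        if not name.startswith("conn ") or name == "conn %default":
            continue
        conn = {**defaults, **params}  # explicit values override %default
        # Openswan's documented default for authby is rsasig.
        if conn.get("authby", "rsasig") != "rsasig":
            continue
        for side in ("left", "right"):
            key = f"{side}rsasigkey"
            if not conn.get(key):
                findings.append(f"{name}: authby=rsasig but {key} is missing, so pluto has "
                                f"no static public key for {conn.get(side, '?')}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Run against a real file with `audit(open("/etc/ipsec.conf").read())`; an empty result means both conditions the reply describes are satisfied, although it says nothing about whether the key material itself matches what the peer holds.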
