[Openswan Users] no RSA public key
Peter McGill
petermcgill at goco.net
Tue Jun 26 09:01:17 EDT 2007
> -----Original Message-----
> Date: Mon, 25 Jun 2007 17:26:12 +0200
> From: "Salvatore" <sasa at shoponweb.it>
> Subject: [Openswan Users] no RSA public key
> To: <users at openswan.org>
>
> Hi, I have a problemu with openswan-2.4.7 and site-to-site
> connection, my
> ipsec.conf is:
>
> config setup
> interfaces="ipsec0=eth0"
> conn %default
> esp=3des-md5
> rekey=no
> conn afra-aquila
> auto=start
> authby=rsasig
> pfs=yes
> #sede left
> left=82.104.xxx.xxx
> leftsubnet=172.16.0.0/24
> leftnexthop=82.104.xxx.xxy
> # RSA 2192 bits host122-bla.it Mon Jun 25 16:41:02 2007
> leftrsasigkey=0sAQOSd...
> #sede right
> right=79.5.yyy.yyy
> rightsubnet=10.0.0.0/24
> rightnexthop=79.5.yyy.yyx
> # RSA 2192 bits host90bla.it Mon Jun 25 16:42:41 2007
> rightrsasigkey=0sAQOZ74bR....
>
> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known
> for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for
> 79.5.yyy.yyy.in-addr.arpa.)
>
> I have generate keys in this mode:
>
> #ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets
It looks like it's trying to use opportunistic encryption.
Add this to your conf.
# Disable Opportunistic Encryptionn
include /etc/ipsec.d/examples/no_oe.conf
It's already in the default conf, but you may have to uncomment the second line.
Peter
More information about the Users
mailing list