[Openswan Users] no RSA public key

Salvatore sasa at shoponweb.it
Tue Jun 26 11:11:50 EDT 2007


Hi, I already use:
include /etc/ipsec.d/examples/no_oe.conf

..my problem (even though I think that's strange) depends on copy/paste from 
"ipsec showhostkey..." and ipsec.conf!
Thanks.

------
Salvatore.


----- Original Message ----- 
From: "Peter McGill" <petermcgill at goco.net>
To: <sasa at shoponweb.it>
Cc: <users at openswan.org>
Sent: Tuesday, June 26, 2007 3:01 PM
Subject: RE: [Openswan Users] no RSA public key


>> -----Original Message-----
>> Date: Mon, 25 Jun 2007 17:26:12 +0200
>> From: "Salvatore" <sasa at shoponweb.it>
>> Subject: [Openswan Users] no RSA public key
>> To: <users at openswan.org>
>>
>> Hi, I have a problem with openswan-2.4.7 and site-to-site
>> connection, my
>> ipsec.conf is:
>>
>> config setup
>>     interfaces="ipsec0=eth0"
>> conn %default
>>     esp=3des-md5
>>     rekey=no
>> conn afra-aquila
>>     auto=start
>>     authby=rsasig
>>     pfs=yes
>>     #sede left
>>     left=82.104.xxx.xxx
>>     leftsubnet=172.16.0.0/24
>>     leftnexthop=82.104.xxx.xxy
>>     # RSA 2192 bits   host122-bla.it   Mon Jun 25 16:41:02 2007
>>     leftrsasigkey=0sAQOSd...
>>     #sede right
>>     right=79.5.yyy.yyy
>>     rightsubnet=10.0.0.0/24
>>     rightnexthop=79.5.yyy.yyx
>>     # RSA 2192 bits   host90bla.it   Mon Jun 25 16:42:41 2007
>>     rightrsasigkey=0sAQOZ74bR....
>>
>> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key 
>> known
>> for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for
>> 79.5.yyy.yyy.in-addr.arpa.)
>>
>> I have generated keys in this way:
>>
>> #ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets
>
> It looks like it's trying to use opportunistic encryption.
> Add this to your conf.
>
> # Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
> It's already in the default conf, but you may have to uncomment the second 
> line.
>
> Peter
>
> 
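
Added example, not part of the thread and not Openswan code: a check for the copy/paste damage described in the reply above. It decodes each `0s` (base64) `leftrsasigkey`/`rightrsasigkey` value as an RFC 2537 RSA key and compares the modulus size with the `# RSA N bits` comment shown above each key in the quoted ipsec.conf. The function names and the sample key are constructed for illustration, and the check assumes the comment line was pasted along with the key.

```python
import base64
import re

def parse_rsasigkey(value):
    """Return (exponent, modulus_bits) for a '0s'-prefixed base64 RSA key."""
    if not value.startswith("0s"):
        raise ValueError("missing 0s (base64) prefix")
    text = value[2:].rstrip("=")
    if len(text) % 4 == 1:
        raise ValueError("base64 length impossible, value is cut short")
    blob = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    # RFC 2537 layout: exponent length (1 byte, or 0 + 2 bytes), exponent, modulus
    if len(blob) < 3:
        raise ValueError("key too short")
    elen, off = blob[0], 1
    if elen == 0:
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    modulus = blob[off + elen:]
    if elen == 0 or not modulus:
        raise ValueError("no exponent or modulus")
    exponent = int.from_bytes(blob[off:off + elen], "big")
    return exponent, int.from_bytes(modulus, "big").bit_length()

def check_conf(conf_text):
    """Compare each *rsasigkey with the preceding '# RSA N bits' comment."""
    problems, expected = [], None
    for line in conf_text.splitlines():
        line = line.strip()
        m = re.match(r"#\s*RSA\s+(\d+)\s+bits", line)
        if m:
            expected = int(m.group(1))
            continue
        m = re.match(r"(left|right)rsasigkey\s*=\s*(\S+)", line)
        if not m:
            continue
        try:
            _, bits = parse_rsasigkey(m.group(2))
            if expected is not None and bits != expected:
                problems.append(f"{m.group(1)}rsasigkey: {bits} bits, comment says {expected}")
        except ValueError as exc:
            problems.append(f"{m.group(1)}rsasigkey: {exc}")
        expected = None
    return problems

def make_sample_key(bits=2192):
    """Constructed throwaway blob (exponent 3, arbitrary modulus), not a real key."""
    modulus = (1 << (bits - 1)) | 1
    return "0s" + base64.b64encode(b"\x01\x03" + modulus.to_bytes(bits // 8, "big")).decode()
```

A key that lost its tail in the paste decodes to a shorter modulus or to impossible base64, so `check_conf` reports it before pluto is started.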


