[Openswan Users] no RSA public key

Peter McGill petermcgill at goco.net
Tue Jun 26 12:47:45 EDT 2007


> -----Original Message-----
> From: Salvatore [mailto:sasa at shoponweb.it] 
> Sent: June 26, 2007 11:12 AM
> To: petermcgill at goco.net
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] no RSA public key
> 
> Hi, I use already:
> include /etc/ipsec.d/examples/no_oe.conf
> 
> ..my problem (even though I think that's strange) depends on the 
> copy/paste from 
> "ipsec showhostkey..." and ipsec.conf!
> Thanks.
> 
> ------
> Salvatore.

That could be; especially on a text terminal, the key will wrap.
Be sure that the key is all on one line, not split across multiple lines.
Also make sure that the line is prefixed with a tab, and not multiple spaces.

Peter

> ----- Original Message ----- 
> From: "Peter McGill" <petermcgill at goco.net>
> To: <sasa at shoponweb.it>
> Cc: <users at openswan.org>
> Sent: Tuesday, June 26, 2007 3:01 PM
> Subject: RE: [Openswan Users] no RSA public key
> 
> 
> >> -----Original Message-----
> >> Date: Mon, 25 Jun 2007 17:26:12 +0200
> >> From: "Salvatore" <sasa at shoponweb.it>
> >> Subject: [Openswan Users] no RSA public key
> >> To: <users at openswan.org>
> >>
> >> Hi, I have a problem with openswan-2.4.7 and site-to-site
> >> connection, my
> >> ipsec.conf is:
> >>
> >> config setup
> >> interfaces="ipsec0=eth0"
> >> conn %default
> >> esp=3des-md5
> >> rekey=no
> >> conn afra-aquila
> >> auto=start
> >> authby=rsasig
> >> pfs=yes
> >> #sede left
> >> left=82.104.xxx.xxx
> >> leftsubnet=172.16.0.0/24
> >> leftnexthop=82.104.xxx.xxy
> >> # RSA 2192 bits   host122-bla.it   Mon Jun 25 16:41:02 2007
> >> leftrsasigkey=0sAQOSd...
> >> #sede right
> >> right=79.5.yyy.yyy
> >> rightsubnet=10.0.0.0/24
> >> rightnexthop=79.5.yyy.yyx
> >> # RSA 2192 bits   host90bla.it   Mon Jun 25 16:42:41 2007
> >> rightrsasigkey=0sAQOZ74bR....
> >>
> >> Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known
> >> for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for
> >> 79.5.yyy.yyy.in-addr.arpa.)
> >>
> >> I have generated keys in this way:
> >>
> >> #ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets
> >
> > It looks like it's trying to use opportunistic encryption.
> > Add this to your conf.
> >
> > # Disable Opportunistic Encryption
> > include /etc/ipsec.d/examples/no_oe.conf
> >
> > It's already in the default conf, but you may have to uncomment the second
> > line.
> >
> > Peter
> >
> > 
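
The two checks suggested in the reply above (key on a single line, parameter line prefixed with a tab) can be automated. This is an added example, not code from the thread or from Openswan; the function name, the messages and the sample configuration (addresses and key strings) are constructed for illustration.

```python
import re

# Section headers start in column 0: "config setup", "conn NAME".
SECTION = re.compile(r"^(config|conn)\s+\S+")
# Parameter line: leading whitespace, lowercase name, "=", value.
PARAM = re.compile(r"^(?P<indent>[ \t]+)(?P<name>[a-z][a-z0-9_-]*)\s*=")
KEY_PARAMS = {"leftrsasigkey", "rightrsasigkey"}

def lint_ipsec_conf(text):
    """Return (line_number, message) findings for wrapped keys and bad indents."""
    findings = []
    last_param = None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are not checked
        if SECTION.match(line) or line.startswith(("include ", "version ")):
            last_param = None
            continue
        m = PARAM.match(line)
        if m:
            last_param = m.group("name")
            if m.group("indent") != "\t":
                findings.append((n, f"{last_param}: indent is not a single tab"))
            continue
        # Not a header, comment or name=value line: a stray fragment.
        if last_param in KEY_PARAMS:
            findings.append((n, f"{last_param}: key continues on a second line"))
        else:
            findings.append((n, "unrecognised line"))
    return findings

# Constructed sample: line 4 is indented with spaces, and the key on
# line 6 was wrapped by the terminal so its tail landed on line 7.
SAMPLE = (
    "conn example\n"
    "\tauthby=rsasig\n"
    "\tleft=192.0.2.1\n"
    "    leftrsasigkey=0sAQOconstructedLEFTkey\n"
    "\tright=198.51.100.1\n"
    "\trightrsasigkey=0sAQOconstructedRIGHT\n"
    "keyREMAINDERwrappedByTerminal\n"
)

if __name__ == "__main__":
    for lineno, msg in lint_ipsec_conf(SAMPLE):
        print(f"line {lineno}: {msg}")
```

The fragment test is a heuristic: a wrapped tail that happens to look like an indented `name=value` line would not be reported.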


