[Openswan Users] showhostkey no default key in ipsec.secrets
TESTVPN R119LNXADM
testvpn.r119lnxadm at googlemail.com
Thu May 24 02:07:49 EDT 2007
Since your using debian I would suggest using the pico command.
go to root and type
pico /etc/ipsec.conf
now you are in the ipsec.conf file and change the conf file with this.
#
# File: /etc/ipsec.conf
#
conn left-to-right
left=xxx.xxx.xxx.xxx # Public Internet IP address of the
# LEFT VPN device
leftsubnet=255.255.255.0/24 # Subnet protected by the LEFT VPN device
leftid=@home # FQDN of Public Internet IP address of the
# LEFT VPN device with an "@"
leftrsasigkey=add your left key here
leftnexthop=xxx.xxx.xxx.xxx # correct in many situations
right=xxx.xxx.xxx.xxx # Public Internet IP address of
# the RIGHT VPN device
rightsubnet=255.255.255.0/24 # Subnet protected by the RIGHT VPN device
rightid=@work # FQDN of Public Internet IP address of the
# RIGHT VPN device with an "@"
rightrsasigkey=add your right key here
rightnexthop=xxx.xxx.xxx.xxx # correct in many situations
auto=start # authorizes and starts this connection
# on booting
Now change all the xxx marks with your I.p adresses and hops!!! Remember
gateway goes left peer goes right.
greetings and goodluck,
Tjeard Attema
On 5/23/07, James <james at nttmcl.com> wrote:
>
> Paul Wouters wrote:
> > On Tue, 22 May 2007, James wrote:
> >
> >
> >> I have a fresh install of openswan in debian and let it run a self
> >> signed key
> >>
> >> the key is in /etc/ipsec.d/private/host.pem
> >>
> >> the /etc/ipsec.secrets has
> >> : RSA /etc/ipsec.d/private/host.pem
> >>
> >> i run
> >> ipsec showhostkey --left
> >>
> >> and it gives
> >> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> >>
> >
> > ipsec showhostkey shows the public key of a raw RSA key, not the public
> key
> > within an X.509 certificate.
> >
> > Paul
> >
> where do i find instructions for using an x.509 cert then?
> Cause the documentation seems a bit abridged as for things go.
>
> especially since if i don't know what the public key is i dunno how i'm
> gonna set the ipsec.conf file.
>
> TIA
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070524/54618fc2/attachment.html
More information about the Users
mailing list