[Openswan Users] My private keys not showing up with --listall

OCG Technical Support support at ocg.ca
Tue Oct 14 15:33:49 EDT 2008


I didn't realize IPsec was logging to the /var/log/secure file.  Ok I dumped
the result of the restart below.

I see IPsec is trying to load my private key, but I don't see anything
indicating it got the key contents...is this right?

Note that I generated the request on the IPSec gateway, signed the request
on a Windows CA, and moved the resulting cert (in b64 format) back to the
gateway...

Thanks,
MD

(I'll put some book feedback in a different email - perhaps it will generate
some good discussion on the list)

Oct 14 14:33:41 firewall pluto[28430]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:28430
Oct 14 14:33:41 firewall pluto[28430]: Setting NAT-Traversal port-4500
floating to on
Oct 14 14:33:41 firewall pluto[28430]:    port floating activation criteria
nat_t=1/port_float=1
Oct 14 14:33:41 firewall pluto[28430]:    including NAT-Traversal patch
(Version 0.6c)
Oct 14 14:33:41 firewall pluto[28430]: using /dev/urandom as source of
random entropy
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)
Oct 14 14:33:41 firewall pluto[28430]: starting up 1 cryptographic helpers
Oct 14 14:33:41 firewall pluto[28432]: using /dev/urandom as source of
random entropy
Oct 14 14:33:41 firewall pluto[28430]: started helper pid=28432 (fd:7)
Oct 14 14:33:41 firewall pluto[28430]: Using Linux 2.6 IPsec interface code
on 2.6.25.14108b.fc9-firewall (experimental code)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:33:42 firewall pluto[28430]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:33:43 firewall pluto[28430]: Changed path to directory
'/etc/ipsec.d/cacerts'
Oct 14 14:33:43 firewall pluto[28430]:   loaded CA cert file 'ocg.cer' (1175
bytes)
Oct 14 14:33:43 firewall pluto[28430]: |   file coded in DER format
Oct 14 14:33:43 firewall pluto[28430]: | L0 - certificate:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - tbsCertificate:
Oct 14 14:33:43 firewall pluto[28430]: | L2 - DEFAULT v1:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - version:
Oct 14 14:33:43 firewall pluto[28430]: |   v3
Oct 14 14:33:43 firewall pluto[28430]: | L2 - serialNumber:
Oct 14 14:33:43 firewall pluto[28430]: | L2 - signature:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - algorithmIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - algorithm:
Oct 14 14:33:43 firewall pluto[28430]: |   'sha-1WithRSAEncryption'
Oct 14 14:33:43 firewall pluto[28430]: | L2 - issuer:
Oct 14 14:33:43 firewall pluto[28430]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:33:43 firewall pluto[28430]: | L2 - validity:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - notBefore:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - utcTime:
Oct 14 14:33:43 firewall pluto[28430]: |   'Sep 29 03:06:37 UTC 2006'
Oct 14 14:33:43 firewall pluto[28430]: | L3 - notAfter:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - utcTime:
Oct 14 14:33:43 firewall pluto[28430]: |   'Sep 29 03:14:33 UTC 2031'
Oct 14 14:33:43 firewall pluto[28430]: | L2 - subject:
Oct 14 14:33:43 firewall pluto[28430]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:33:43 firewall pluto[28430]: | L2 - subjectPublicKeyInfo:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - algorithm:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - algorithmIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - algorithm:
Oct 14 14:33:43 firewall pluto[28430]: |   'rsaEncryption'
Oct 14 14:33:43 firewall pluto[28430]: | L3 - subjectPublicKey:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - RSAPublicKey:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - modulus:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - publicExponent:
Oct 14 14:33:43 firewall pluto[28430]: | L2 - optional extensions:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - extensions:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - extension:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnID:
Oct 14 14:33:43 firewall pluto[28430]: |   'keyUsage'
Oct 14 14:33:43 firewall pluto[28430]: | L5 - critical:
Oct 14 14:33:43 firewall pluto[28430]: |   FALSE
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnValue:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - extension:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnID:
Oct 14 14:33:43 firewall pluto[28430]: |   'basicConstraints'
Oct 14 14:33:43 firewall pluto[28430]: | L5 - critical:
Oct 14 14:33:43 firewall pluto[28430]: |   TRUE
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnValue:
Oct 14 14:33:43 firewall pluto[28430]: | L6 - basicConstraints:
Oct 14 14:33:43 firewall pluto[28430]: | L7 - CA:
Oct 14 14:33:43 firewall pluto[28430]: |   TRUE
Oct 14 14:33:43 firewall pluto[28430]: | L4 - extension:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnID:
Oct 14 14:33:43 firewall pluto[28430]: |   'subjectKeyIdentifier'
Oct 14 14:33:43 firewall pluto[28430]: | L5 - critical:
Oct 14 14:33:43 firewall pluto[28430]: |   FALSE
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnValue:
Oct 14 14:33:43 firewall pluto[28430]: | L6 - keyIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: | L4 - extension:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnID:
Oct 14 14:33:43 firewall pluto[28430]: |   'crlDistributionPoints'
Oct 14 14:33:43 firewall pluto[28430]: | L5 - critical:
Oct 14 14:33:43 firewall pluto[28430]: |   FALSE
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnValue:
Oct 14 14:33:43 firewall pluto[28430]: | L6 - crlDistributionPoints:
Oct 14 14:33:43 firewall pluto[28430]: | L7 - DistributionPoint:
Oct 14 14:33:43 firewall pluto[28430]: | L8 - distributionPoint:
Oct 14 14:33:43 firewall pluto[28430]: | L9 - fullName:
Oct 14 14:33:43 firewall pluto[28430]: | L10 - generalNames:
Oct 14 14:33:43 firewall pluto[28430]: | L11 - generalName:
Oct 14 14:33:43 firewall pluto[28430]: | L12 - uniformResourceIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: |
'ldap:///CN=OCG%20Certificate%20Authority,CN=fps,CN=CDP,CN=Public%20Key%20Se
rvices,CN=Services,CN=Configuration,DC=ocg,DC=ca?certificateRevocationList?b
ase?objectClass=cRLDistributionPoint'
Oct 14 14:33:43 firewall pluto[28430]: | L11 - generalName:
Oct 14 14:33:43 firewall pluto[28430]: | L12 - uniformResourceIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: |
'http://fps.ocg.ca/CertEnroll/OCG%20Certificate%20Authority.crl'
Oct 14 14:33:43 firewall pluto[28430]: | L4 - extension:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnID:
Oct 14 14:33:43 firewall pluto[28430]: | L5 - critical:
Oct 14 14:33:43 firewall pluto[28430]: |   FALSE
Oct 14 14:33:43 firewall pluto[28430]: | L5 - extnValue:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - signatureAlgorithm:
Oct 14 14:33:43 firewall pluto[28430]: | L2 - algorithmIdentifier:
Oct 14 14:33:43 firewall pluto[28430]: | L3 - algorithm:
Oct 14 14:33:43 firewall pluto[28430]: |   'sha-1WithRSAEncryption'
Oct 14 14:33:43 firewall pluto[28430]: | L1 - signatureValue:
Oct 14 14:33:43 firewall pluto[28430]: |   authcert inserted
Oct 14 14:33:43 firewall pluto[28430]: Could not change to directory
'/etc/ipsec.d/aacerts': /
Oct 14 14:33:43 firewall pluto[28430]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /
Oct 14 14:33:43 firewall pluto[28430]: Could not change to directory
'/etc/ipsec.d/crls'
Oct 14 14:33:43 firewall pluto[28430]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:33:43 firewall pluto[28430]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:33:43 firewall pluto[28430]: listening for IKE messages
Oct 14 14:33:43 firewall pluto[28430]: adding interface ppp0/ppp0
172.31.250.1:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface ppp0/ppp0
172.31.250.1:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth0/eth0
99.249.237.152:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth0/eth0
99.249.237.152:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth3/eth3
172.31.252.1:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth3/eth3
172.31.252.1:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth2/eth2
172.31.253.1:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth2/eth2
172.31.253.1:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth1/eth1
172.31.254.1:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface eth1/eth1
172.31.254.1:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface lo/lo 127.0.0.1:500
Oct 14 14:33:43 firewall pluto[28430]: adding interface lo/lo 127.0.0.1:4500
Oct 14 14:33:43 firewall pluto[28430]: adding interface lo/lo ::1:500
Oct 14 14:33:43 firewall pluto[28430]: loading secrets from
"/etc/ipsec.secrets"
Oct 14 14:33:43 firewall pluto[28430]:   loaded private key file
'/etc/ipsec.d/private/firewall-private-key.pem' (963 bytes)
Oct 14 14:33:43 firewall pluto[28430]: |   file content is not binary ASN.1
Oct 14 14:33:43 firewall pluto[28430]: |   -----BEGIN RSA PRIVATE KEY-----
Oct 14 14:33:43 firewall pluto[28430]: |   Proc-Type: 4,ENCRYPTED
Oct 14 14:33:43 firewall pluto[28430]: |   DEK-Info:
DES-EDE3-CBC,F561E93B0DF4ACC8
Oct 14 14:33:43 firewall pluto[28430]: |   -----END RSA PRIVATE KEY-----
Oct 14 14:33:43 firewall pluto[28430]: |   decrypting file using
'DES-EDE3-CBC'
Oct 14 14:33:43 firewall pluto[28430]: |   file coded in PEM format
Oct 14 14:33:43 firewall pluto[28430]: | L0 - RSAPrivateKey:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - version:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - modulus:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - publicExponent:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - privateExponent:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime1:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime2:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent1:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent2:
Oct 14 14:33:43 firewall pluto[28430]: | L1 - coefficient:
Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid:
PPK_RSA:AwEAAav/b
Oct 14 14:33:43 firewall pluto[28430]: loading secrets from
"/etc/ipsec.d/firewall-key.secrets"
Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid:
PPK_RSA:AQOWMNen9
Oct 14 14:34:46 firewall sshd[28979]: Accepted password for root from
172.31.254.64 port 61281 ssh2
Oct 14 14:34:46 firewall sshd[28979]: pam_unix(sshd:session): session opened
for user root by (uid=0)
Oct 14 14:35:11 firewall pluto[28430]: shutting down
Oct 14 14:35:11 firewall pluto[28430]: forgetting secrets
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface lo/lo ::1:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface lo/lo
127.0.0.1:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface lo/lo
127.0.0.1:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth1/eth1
172.31.254.1:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth1/eth1
172.31.254.1:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth2/eth2
172.31.253.1:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth2/eth2
172.31.253.1:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth3/eth3
172.31.252.1:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth3/eth3
172.31.252.1:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth0/eth0
99.249.237.152:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface eth0/eth0
99.249.237.152:500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface ppp0/ppp0
172.31.250.1:4500
Oct 14 14:35:11 firewall pluto[28430]: shutting down interface ppp0/ppp0
172.31.250.1:500
Oct 14 14:35:16 firewall ipsec__plutorun: Starting Pluto subsystem...
Oct 14 14:35:16 firewall pluto[29730]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:29730
Oct 14 14:35:16 firewall pluto[29730]: Setting NAT-Traversal port-4500
floating to on
Oct 14 14:35:16 firewall pluto[29730]:    port floating activation criteria
nat_t=1/port_float=1
Oct 14 14:35:16 firewall pluto[29730]:    including NAT-Traversal patch
(Version 0.6c)
Oct 14 14:35:16 firewall pluto[29730]: using /dev/urandom as source of
random entropy
Oct 14 14:35:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:35:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)
Oct 14 14:35:16 firewall pluto[29730]: starting up 1 cryptographic helpers
Oct 14 14:35:16 firewall pluto[29732]: using /dev/urandom as source of
random entropy
Oct 14 14:35:16 firewall pluto[29730]: started helper pid=29732 (fd:7)
Oct 14 14:35:16 firewall pluto[29730]: Using Linux 2.6 IPsec interface code
on 2.6.25.14108b.fc9-firewall (experimental code)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): WARNING: enc
alg=0 not found in constants.c:oakley_enc_names  
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_add(): ERROR: Algorithm
already exists
Oct 14 14:35:17 firewall pluto[29730]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Oct 14 14:35:18 firewall pluto[29730]: Changed path to directory
'/etc/ipsec.d/cacerts'
Oct 14 14:35:18 firewall pluto[29730]:   loaded CA cert file 'ocg.cer' (1175
bytes)
Oct 14 14:35:18 firewall pluto[29730]: |   file coded in DER format
Oct 14 14:35:18 firewall pluto[29730]: | L0 - certificate:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - tbsCertificate:
Oct 14 14:35:18 firewall pluto[29730]: | L2 - DEFAULT v1:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - version:
Oct 14 14:35:18 firewall pluto[29730]: |   v3
Oct 14 14:35:18 firewall pluto[29730]: | L2 - serialNumber:
Oct 14 14:35:18 firewall pluto[29730]: | L2 - signature:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - algorithmIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - algorithm:
Oct 14 14:35:18 firewall pluto[29730]: |   'sha-1WithRSAEncryption'
Oct 14 14:35:18 firewall pluto[29730]: | L2 - issuer:
Oct 14 14:35:18 firewall pluto[29730]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:35:18 firewall pluto[29730]: | L2 - validity:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - notBefore:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - utcTime:
Oct 14 14:35:18 firewall pluto[29730]: |   'Sep 29 03:06:37 UTC 2006'
Oct 14 14:35:18 firewall pluto[29730]: | L3 - notAfter:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - utcTime:
Oct 14 14:35:18 firewall pluto[29730]: |   'Sep 29 03:14:33 UTC 2031'
Oct 14 14:35:18 firewall pluto[29730]: | L2 - subject:
Oct 14 14:35:18 firewall pluto[29730]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:35:18 firewall pluto[29730]: | L2 - subjectPublicKeyInfo:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - algorithm:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - algorithmIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - algorithm:
Oct 14 14:35:18 firewall pluto[29730]: |   'rsaEncryption'
Oct 14 14:35:18 firewall pluto[29730]: | L3 - subjectPublicKey:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - RSAPublicKey:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - modulus:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - publicExponent:
Oct 14 14:35:18 firewall pluto[29730]: | L2 - optional extensions:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - extensions:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - extension:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:35:18 firewall pluto[29730]: |   'keyUsage'
Oct 14 14:35:18 firewall pluto[29730]: | L5 - critical:
Oct 14 14:35:18 firewall pluto[29730]: |   FALSE
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - extension:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:35:18 firewall pluto[29730]: |   'basicConstraints'
Oct 14 14:35:18 firewall pluto[29730]: | L5 - critical:
Oct 14 14:35:18 firewall pluto[29730]: |   TRUE
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:35:18 firewall pluto[29730]: | L6 - basicConstraints:
Oct 14 14:35:18 firewall pluto[29730]: | L7 - CA:
Oct 14 14:35:18 firewall pluto[29730]: |   TRUE
Oct 14 14:35:18 firewall pluto[29730]: | L4 - extension:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:35:18 firewall pluto[29730]: |   'subjectKeyIdentifier'
Oct 14 14:35:18 firewall pluto[29730]: | L5 - critical:
Oct 14 14:35:18 firewall pluto[29730]: |   FALSE
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:35:18 firewall pluto[29730]: | L6 - keyIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: | L4 - extension:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:35:18 firewall pluto[29730]: |   'crlDistributionPoints'
Oct 14 14:35:18 firewall pluto[29730]: | L5 - critical:
Oct 14 14:35:18 firewall pluto[29730]: |   FALSE
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:35:18 firewall pluto[29730]: | L6 - crlDistributionPoints:
Oct 14 14:35:18 firewall pluto[29730]: | L7 - DistributionPoint:
Oct 14 14:35:18 firewall pluto[29730]: | L8 - distributionPoint:
Oct 14 14:35:18 firewall pluto[29730]: | L9 - fullName:
Oct 14 14:35:18 firewall pluto[29730]: | L10 - generalNames:
Oct 14 14:35:18 firewall pluto[29730]: | L11 - generalName:
Oct 14 14:35:18 firewall pluto[29730]: | L12 - uniformResourceIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: |
'ldap:///CN=OCG%20Certificate%20Authority,CN=fps,CN=CDP,CN=Public%20Key%20Se
rvices,CN=Services,CN=Configuration,DC=ocg,DC=ca?certificateRevocationList?b
ase?objectClass=cRLDistributionPoint'
Oct 14 14:35:18 firewall pluto[29730]: | L11 - generalName:
Oct 14 14:35:18 firewall pluto[29730]: | L12 - uniformResourceIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: |
'http://fps.ocg.ca/CertEnroll/OCG%20Certificate%20Authority.crl'
Oct 14 14:35:18 firewall pluto[29730]: | L4 - extension:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:35:18 firewall pluto[29730]: | L5 - critical:
Oct 14 14:35:18 firewall pluto[29730]: |   FALSE
Oct 14 14:35:18 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - signatureAlgorithm:
Oct 14 14:35:18 firewall pluto[29730]: | L2 - algorithmIdentifier:
Oct 14 14:35:18 firewall pluto[29730]: | L3 - algorithm:
Oct 14 14:35:18 firewall pluto[29730]: |   'sha-1WithRSAEncryption'
Oct 14 14:35:18 firewall pluto[29730]: | L1 - signatureValue:
Oct 14 14:35:18 firewall pluto[29730]: |   authcert inserted
Oct 14 14:35:18 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/aacerts': /
Oct 14 14:35:18 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /
Oct 14 14:35:18 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/crls'
Oct 14 14:35:18 firewall pluto[29730]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:35:18 firewall pluto[29730]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:35:18 firewall pluto[29730]: | event added after event
EVENT_REINIT_SECRET
Oct 14 14:35:18 firewall pluto[29730]: listening for IKE messages
Oct 14 14:35:18 firewall pluto[29730]: adding interface ppp0/ppp0
172.31.250.1:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface ppp0/ppp0
172.31.250.1:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth0/eth0
99.249.237.152:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth0/eth0
99.249.237.152:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth3/eth3
172.31.252.1:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth3/eth3
172.31.252.1:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth2/eth2
172.31.253.1:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth2/eth2
172.31.253.1:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth1/eth1
172.31.254.1:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface eth1/eth1
172.31.254.1:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface lo/lo 127.0.0.1:500
Oct 14 14:35:18 firewall pluto[29730]: adding interface lo/lo 127.0.0.1:4500
Oct 14 14:35:18 firewall pluto[29730]: adding interface lo/lo ::1:500
Oct 14 14:35:18 firewall pluto[29730]: loading secrets from
"/etc/ipsec.secrets"
Oct 14 14:35:18 firewall pluto[29730]:   loaded private key file
'/etc/ipsec.d/private/firewall-private-key.pem' (963 bytes)
Oct 14 14:35:18 firewall pluto[29730]: |   file content is not binary ASN.1
Oct 14 14:35:18 firewall pluto[29730]: |   -----BEGIN RSA PRIVATE KEY-----
Oct 14 14:35:18 firewall pluto[29730]: |   Proc-Type: 4,ENCRYPTED
Oct 14 14:35:18 firewall pluto[29730]: |   DEK-Info:
DES-EDE3-CBC,F561E93B0DF4ACC8
Oct 14 14:35:18 firewall pluto[29730]: |   -----END RSA PRIVATE KEY-----
Oct 14 14:35:18 firewall pluto[29730]: |   decrypting file using
'DES-EDE3-CBC'
Oct 14 14:35:18 firewall pluto[29730]: |   file coded in PEM format
Oct 14 14:35:18 firewall pluto[29730]: | L0 - RSAPrivateKey:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - version:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - modulus:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - publicExponent:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - privateExponent:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - prime1:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - prime2:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - exponent1:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - exponent2:
Oct 14 14:35:18 firewall pluto[29730]: | L1 - coefficient:
Oct 14 14:35:18 firewall pluto[29730]: loaded private key for keyid:
PPK_RSA:AwEAAav/b
Oct 14 14:35:18 firewall pluto[29730]: loading secrets from
"/etc/ipsec.d/firewall-key.secrets"
Oct 14 14:35:18 firewall pluto[29730]: loaded private key for keyid:
PPK_RSA:AQOWMNen9
Oct 14 14:37:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:39:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:41:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:43:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:45:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:47:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:49:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:50:31 firewall pluto[29730]: forgetting secrets
Oct 14 14:50:31 firewall pluto[29730]: loading secrets from
"/etc/ipsec.secrets"
Oct 14 14:50:31 firewall pluto[29730]:   loaded private key file
'/etc/ipsec.d/private/firewall-private-key.pem' (963 bytes)
Oct 14 14:50:31 firewall pluto[29730]: |   file content is not binary ASN.1
Oct 14 14:50:31 firewall pluto[29730]: |   -----BEGIN RSA PRIVATE KEY-----
Oct 14 14:50:31 firewall pluto[29730]: |   Proc-Type: 4,ENCRYPTED
Oct 14 14:50:31 firewall pluto[29730]: |   DEK-Info:
DES-EDE3-CBC,F561E93B0DF4ACC8
Oct 14 14:50:31 firewall pluto[29730]: |   -----END RSA PRIVATE KEY-----
Oct 14 14:50:31 firewall pluto[29730]: |   decrypting file using
'DES-EDE3-CBC'
Oct 14 14:50:31 firewall pluto[29730]: |   file coded in PEM format
Oct 14 14:50:31 firewall pluto[29730]: | L0 - RSAPrivateKey:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - version:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - modulus:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - publicExponent:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - privateExponent:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - prime1:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - prime2:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - exponent1:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - exponent2:
Oct 14 14:50:31 firewall pluto[29730]: | L1 - coefficient:
Oct 14 14:50:31 firewall pluto[29730]: loaded private key for keyid:
PPK_RSA:AwEAAav/b
Oct 14 14:50:31 firewall pluto[29730]: loading secrets from
"/etc/ipsec.d/firewall-key.secrets"
Oct 14 14:50:31 firewall pluto[29730]: loaded private key for keyid:
PPK_RSA:AQOWMNen9
Oct 14 14:50:31 firewall pluto[29730]: Changed path to directory
'/etc/ipsec.d/cacerts'
Oct 14 14:50:32 firewall pluto[29730]:   loaded CA cert file 'ocg.cer' (1175
bytes)
Oct 14 14:50:32 firewall pluto[29730]: |   file coded in DER format
Oct 14 14:50:32 firewall pluto[29730]: | L0 - certificate:
Oct 14 14:50:32 firewall pluto[29730]: | L1 - tbsCertificate:
Oct 14 14:50:32 firewall pluto[29730]: | L2 - DEFAULT v1:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - version:
Oct 14 14:50:32 firewall pluto[29730]: |   v3
Oct 14 14:50:32 firewall pluto[29730]: | L2 - serialNumber:
Oct 14 14:50:32 firewall pluto[29730]: | L2 - signature:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - algorithmIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - algorithm:
Oct 14 14:50:32 firewall pluto[29730]: |   'sha-1WithRSAEncryption'
Oct 14 14:50:32 firewall pluto[29730]: | L2 - issuer:
Oct 14 14:50:32 firewall pluto[29730]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:50:32 firewall pluto[29730]: | L2 - validity:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - notBefore:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - utcTime:
Oct 14 14:50:32 firewall pluto[29730]: |   'Sep 29 03:06:37 UTC 2006'
Oct 14 14:50:32 firewall pluto[29730]: | L3 - notAfter:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - utcTime:
Oct 14 14:50:32 firewall pluto[29730]: |   'Sep 29 03:14:33 UTC 2031'
Oct 14 14:50:32 firewall pluto[29730]: | L2 - subject:
Oct 14 14:50:32 firewall pluto[29730]: |   'DC=ca, DC=ocg, CN=OCG
Certificate Authority'
Oct 14 14:50:32 firewall pluto[29730]: | L2 - subjectPublicKeyInfo:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - algorithm:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - algorithmIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - algorithm:
Oct 14 14:50:32 firewall pluto[29730]: |   'rsaEncryption'
Oct 14 14:50:32 firewall pluto[29730]: | L3 - subjectPublicKey:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - RSAPublicKey:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - modulus:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - publicExponent:
Oct 14 14:50:32 firewall pluto[29730]: | L2 - optional extensions:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - extensions:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - extension:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:50:32 firewall pluto[29730]: |   'keyUsage'
Oct 14 14:50:32 firewall pluto[29730]: | L5 - critical:
Oct 14 14:50:32 firewall pluto[29730]: |   FALSE
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - extension:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:50:32 firewall pluto[29730]: |   'basicConstraints'
Oct 14 14:50:32 firewall pluto[29730]: | L5 - critical:
Oct 14 14:50:32 firewall pluto[29730]: |   TRUE
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:50:32 firewall pluto[29730]: | L6 - basicConstraints:
Oct 14 14:50:32 firewall pluto[29730]: | L7 - CA:
Oct 14 14:50:32 firewall pluto[29730]: |   TRUE
Oct 14 14:50:32 firewall pluto[29730]: | L4 - extension:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:50:32 firewall pluto[29730]: |   'subjectKeyIdentifier'
Oct 14 14:50:32 firewall pluto[29730]: | L5 - critical:
Oct 14 14:50:32 firewall pluto[29730]: |   FALSE
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:50:32 firewall pluto[29730]: | L6 - keyIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: | L4 - extension:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:50:32 firewall pluto[29730]: |   'crlDistributionPoints'
Oct 14 14:50:32 firewall pluto[29730]: | L5 - critical:
Oct 14 14:50:32 firewall pluto[29730]: |   FALSE
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:50:32 firewall pluto[29730]: | L6 - crlDistributionPoints:
Oct 14 14:50:32 firewall pluto[29730]: | L7 - DistributionPoint:
Oct 14 14:50:32 firewall pluto[29730]: | L8 - distributionPoint:
Oct 14 14:50:32 firewall pluto[29730]: | L9 - fullName:
Oct 14 14:50:32 firewall pluto[29730]: | L10 - generalNames:
Oct 14 14:50:32 firewall pluto[29730]: | L11 - generalName:
Oct 14 14:50:32 firewall pluto[29730]: | L12 - uniformResourceIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: |
'ldap:///CN=OCG%20Certificate%20Authority,CN=fps,CN=CDP,CN=Public%20Key%20Se
rvices,CN=Services,CN=Configuration,DC=ocg,DC=ca?certificateRevocationList?b
ase?objectClass=cRLDistributionPoint'
Oct 14 14:50:32 firewall pluto[29730]: | L11 - generalName:
Oct 14 14:50:32 firewall pluto[29730]: | L12 - uniformResourceIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: |
'http://fps.ocg.ca/CertEnroll/OCG%20Certificate%20Authority.crl'
Oct 14 14:50:32 firewall pluto[29730]: | L4 - extension:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnID:
Oct 14 14:50:32 firewall pluto[29730]: | L5 - critical:
Oct 14 14:50:32 firewall pluto[29730]: |   FALSE
Oct 14 14:50:32 firewall pluto[29730]: | L5 - extnValue:
Oct 14 14:50:32 firewall pluto[29730]: | L1 - signatureAlgorithm:
Oct 14 14:50:32 firewall pluto[29730]: | L2 - algorithmIdentifier:
Oct 14 14:50:32 firewall pluto[29730]: | L3 - algorithm:
Oct 14 14:50:32 firewall pluto[29730]: |   'sha-1WithRSAEncryption'
Oct 14 14:50:32 firewall pluto[29730]: | L1 - signatureValue:
Oct 14 14:50:32 firewall pluto[29730]: |   authcert is already present and
identical
Oct 14 14:50:32 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/aacerts': /
Oct 14 14:50:32 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /
Oct 14 14:50:32 firewall pluto[29730]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:50:32 firewall pluto[29730]: Could not change to directory
'/etc/ipsec.d/crls'
Oct 14 14:50:32 firewall pluto[29730]: Changing back to directory '/' failed
- (2 No such file or directory)
Oct 14 14:51:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:53:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:55:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:57:16 firewall pluto[29730]: | event added at head of queue
Oct 14 14:59:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:01:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:03:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:05:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:07:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:09:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:11:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:13:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:15:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:17:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:19:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:21:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:23:16 firewall pluto[29730]: | event added at head of queue
Oct 14 15:25:16 firewall pluto[29730]: | event added at head of queue
[root at firewall.ocg.ca ~]

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: October 14, 2008 3:00 PM
To: Michelle Dupuis
Cc: users at openswan.org
Subject: RE: [Openswan Users] My private keys not showing up with --listall
Importance: High

On Tue, 14 Oct 2008, OCG Technical Support wrote:

> I added that parameter, but don't see any different logging to stdout or
> syslog on restart.  What should I see?

There should be more logs in /var/log/secure or /var/log/auth.log

> By the way - I'm working my way through your great book.  In case you end
> up creating another edition, I can send you some thoughts (areas of
> confusion in some sections) off-list (or on-list).

I am planning on revising it for IKEv2, once openswan 2.6 is stable enough
that I can give the book some attention. So go ahead (either on the list or
in private).

Paul


