[Openswan Users] Problem with setup of connection

Jobst Schmalenbach jobst at barrett.com.au
Fri Dec 18 16:57:51 EST 2009


Hi

Have been using openswan for years, never had trouble (other than setup problems).
I used to have two Fedora (7 and 4) boxen talking to each other, no problems.

However I have moved away from Fedora because the update frequency is too high and I am never able to keep up, so I moved one of the boxes to Centos (5.4).

I have never had so much trouble getting something going.
Both are actually talking to each other (so no firewall problems etc.) but the setup always stops at the key exchange.

I have found this one "http://fedoraproject.org/wiki/QA:Testcase_Openswan_with_nss" but I can't even get that to work.

Amongst the problems I have had:

 * connect(pluto_ctl) failed: No such file or directory
 * rsakey malformed [input ends in mid-byte
 * Modulus keyword not found where expected in RSA key
 * sending encrypted notification INVALID_ID_INFORMATION 
 * unable to locate my private key for RSA Signature

and at the moment I have

Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: I am sending my cert
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: I am sending a certificate request
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: unable to locate my private key for RSA Signature
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: sending notification AUTHENTICATION_FAILED to 122.107.219.215:500

ipsec.conf (main server site)
On the other one I have swapped the left and right setup

config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       # klipsdebug=none
       # plutodebug="control parsing"
       # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
       protostack=netkey
       nat_traversal=yes
       virtual_private=
       oe=off
       # Enable this if you see "failed to find any available worker"
       nhelpers=0

conn %default
   keyingtries=%forever
   compress=yes

conn VPN_HOME_CONSULT

      left=150.101.215.42
      leftid="CN=usercert1"
#      leftsourceip=150.101.215.42
      leftrsasigkey=%cert
      leftcert=usercert1
      leftnexthop=%defaultroute
      leftsubnet=192.168.2.0/24
      right=122.107.219.215
      rightid="CN=usercert2"
#      rightsourceip=122.107.219.215
      rightrsasigkey=%cert
      rightcert=usercert2
      rightnexthop=%defaultroute
      rightsubnet=192.168.2.0/24
      rekey=no
      esp="aes-sha1"
      ike="aes-sha1"
      auto=start

conn block
        auto=ignore
conn clear
        auto=ignore
conn clear-or-private
        auto=ignore
conn private
        auto=ignore
conn private-or-clear
        auto=ignore
conn packetdefault
        auto=ignore
-- 
If a pig loses its voice, is it disgruntled?

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
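A small triage helper, added here as an example and not part of the original post or of Openswan itself: it parses pluto syslog lines of the shape quoted above ("CONN" #state: message), groups them by IKE state, and reports every state that ended in a sent notification together with the message logged immediately before it, which is where the actual cause (here "unable to locate my private key for RSA Signature") usually appears. The sample log is constructed and modelled on the lines in the post; the regular expression assumes the standard syslog prefix and the quoted-connection-name format shown there.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the pluto lines quoted in the post (not a real capture).
SAMPLE_LOG = """\
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: I am sending my cert
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: I am sending a certificate request
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: unable to locate my private key for RSA Signature
Dec 19 08:33:37 piquet pluto[24165]: "VPN_HOME_CONSULT" #1: sending notification AUTHENTICATION_FAILED to 122.107.219.215:500
Dec 19 08:35:02 piquet pluto[24165]: "VPN_HOME_CONSULT" #2: initiating Main Mode
"""

# Assumed line layout: syslog timestamp, host, pluto[pid]: "conn" #state: message
PLUTO_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: '
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$'
)

# Matches both "sending notification X to ..." and "sending encrypted notification X ..."
NOTIFY_RE = re.compile(r'^sending (?:encrypted )?notification (?P<name>\S+)(?: to (?P<peer>\S+))?')


def parse_line(line):
    """Return the fields of one pluto syslog line as a dict, or None if it does not match."""
    m = PLUTO_RE.match(line.strip())
    return m.groupdict() if m else None


def group_by_state(log_text):
    """Group message texts by (connection name, IKE state number), keeping log order."""
    states = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            states[(rec["conn"], int(rec["state"]))].append(rec["msg"])
    return states


def find_failed_exchanges(log_text):
    """For every IKE state that sent a notification, report the notification name,
    the peer it went to, and the message logged just before it (the likely cause)."""
    findings = []
    for (conn, state), msgs in group_by_state(log_text).items():
        for i, msg in enumerate(msgs):
            n = NOTIFY_RE.match(msg)
            if not n:
                continue
            findings.append({
                "conn": conn,
                "state": state,
                "notification": n.group("name"),
                "peer": n.group("peer"),
                "preceding": msgs[i - 1] if i > 0 else None,
            })
    return findings


if __name__ == "__main__":
    for f in find_failed_exchanges(SAMPLE_LOG):
        print('%s #%d: %s to %s -- preceded by: %s'
              % (f["conn"], f["state"], f["notification"], f["peer"], f["preceding"]))
```

Run it against `/var/log/secure` (or wherever pluto logs on the box) instead of the embedded sample to get one line per failed IKE state rather than scrolling through the whole exchange; the "preceding" field is what to look at first.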