[Openswan Users] help: unable to locate my private key for RSA signature

andi tri michank_andi at yahoo.co.id
Mon Jul 20 02:08:37 EDT 2009


Hi all,
I have a problem with Openswan: my client can't connect to the server.
There is no NAT and no firewall in my network.
I can't see an error in my configuration.
I'm using pluto and netkey on Ubuntu Desktop 8.04.
I can execute all the commands below without error:
# ipsec verify
# ipsec showhostkey --output /etc/ipsec.secrets

This is my conf:
# ipsec.conf
 
version 2.0
config setup
            interfaces="ipsec0=eth0"
            uniqueids=yes
            plutodebug=all
            nhelpers=0
  conn %default
            keyingtries=1
            compress=no
            disablearrivalcheck=no
            authby=rsasig
            leftrsasigkey=%cert
            rightrsasigkey=%cert
  conn mommy
            type=tunnel
            left=111.111.111.1
            leftcert=server.pem
            leftca=cacert.pem
            right=111.111.111.2
            rightcert=client.pem
            rightca=%same
            auth=esp
            kayexchange=ike
            ike=aes128-sha1-modp1536
            esp=aes128-sha1
            leftsendcert=always
            keylife=1h
            ikelifetime=1h
            rekey=no
            auto=add
            pfs=yes
  conn block
            auto=ignore
  conn private
            auto=ignore
  conn private-or-clear
            auto=ignore
  conn clear-or-private
            auto=ignore
  conn clear
            auto=ignore
  conn packetdefault
            auto=ignore
But in:
# ipsec auto --listcerts
I don't see "has private key".
# /var/log/auth.log
Jul 14 22:25:14 andi-laptop pluto[4689]: "mommy" #1: unable to locate my private key for RSA Signature
Jul 14 22:25:14 andi-laptop pluto[4689]: | complete state transition with (null)
Jul 14 22:25:15 andi-laptop pluto[4689]: "mommy" #1: sending notification AUTHENTICATION_FAILED to 111.111.111.1:500
Btw, I have tried making the CA and host cert:
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newca
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newreq
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -sign

newcert.pem = server.pem 
newkey = server.key

Because the cert can't load, I tried making the CA based on "building virtual private network with openswan.pdf", and nothing changed.
 
I searched on Google and then found the commands below:
# openssl x509 -in server.pem -noout -text
# openssl rsa -in server.key -noout -text
  
The commands do not work either. I'm sorry for my bad English.


Thank you
michank
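
A check related to the "unable to locate my private key" log line above, as an added example that is not part of the original post: for X.509 setups, Openswan's ipsec.secrets points at the certificate's private key with a `: RSA <keyfile>` entry, so this sketch lists those entries and compares each key's modulus with the certificate's. The function names and the /etc/ipsec.d/private directory in the usage comment are assumptions, and the key files are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post).
# Assumed usage: find_key_for_cert /etc/ipsec.secrets /etc/ipsec.d/private server.pem

# Print the key file names referenced by ": RSA <keyfile>" entries.
# Raw-key entries of the form ": RSA {" and comment lines are skipped.
secrets_rsa_keyfiles() {
    # $1 = path to an ipsec.secrets file
    sed -n 's/^[^#]*:[[:space:]]*RSA[[:space:]]\{1,\}\([^[:space:]{"]\{1,\}\).*/\1/p' "$1"
}

# Succeed only if the certificate and the private key share one RSA modulus.
cert_matches_key() {
    # $1 = certificate (PEM), $2 = private key (PEM, unencrypted)
    c=$(openssl x509 -in "$1" -noout -modulus) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus) || return 2
    [ "$c" = "$k" ]
}

# Print the path of the first referenced key that belongs to the certificate.
find_key_for_cert() {
    # $1 = ipsec.secrets, $2 = private key directory, $3 = certificate
    for f in $(secrets_rsa_keyfiles "$1"); do
        case $f in
            /*) p=$f ;;          # absolute path, use as written
            *)  p=$2/$f ;;       # relative name, resolve in the key directory
        esac
        if [ ! -r "$p" ]; then
            echo "referenced key not readable: $p" >&2
            continue
        fi
        if cert_matches_key "$3" "$p" 2>/dev/null; then
            echo "$p"
            return 0
        fi
    done
    echo "no ': RSA <keyfile>' entry matches certificate $3" >&2
    return 1
}
```

A non-zero return means either no `: RSA <keyfile>` entry exists or none of the referenced keys belongs to the certificate named in `leftcert`.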


