[Openswan Users] unable to locate my private key for RSA signature
andi tri
michank_andi at yahoo.co.id
Tue Jul 21 01:19:35 EDT 2009
Hi all,
I have a problem with Openswan: my client can't connect to the server.
There is no NAT and no firewall in my network.
I can't see an error in my configuration.
I'm using pluto and netkey on Ubuntu Desktop 8.04.
I can execute all the commands below without error:
# ipsec verify
# ipsec showhostkey --output /etc/ipsec.secrets
This is my conf:
# ipsec.conf
version 2.0

config setup
    interfaces="ipsec0=eth0"
    uniqueids=yes
    plutodebug=all
    nhelpers=0

conn %default
    keyingtries=1
    compress=no
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn mommy
    type=tunnel
    left=111.111.111.1
    leftcert=server.pem
    leftca=cacert.pem
    right=111.111.111.2
    rightcert=client.pem
    rightca=%same
    auth=esp
    kayexchange=ike
    ike=aes128-sha1-modp1536
    esp=aes128-sha1
    leftsendcert=always
    keylife=1h
    ikelifetime=1h
    rekey=no
    auto=add
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
But in:
# ipsec auto --listcerts
I don't see "has private key".
# /var/log/auth.log
Jul 14 22:25:14 andi-laptop pluto[4689]: "mommy" #1: unable to locate my private key for RSA Signature
Jul 14 22:25:14 andi-laptop pluto[4689]: | complete state transition with (null)
Jul 14 22:25:15 andi-laptop pluto[4689]: "mommy" #1: sending notification AUTHENTICATION_FAILED to 111.111.111.1:500
BTW, I once tried making the CA and host cert:
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newca
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newreq
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -sign
newcert.pem = server.pem
newkey = server.key
Because the cert can't load, I tried making the CA based on "building virtual private network with openswan.pdf", and nothing changed.
I searched on Google and found the commands below:
# openssl x509 -in server.pem -noout -text
# openssl rsa -in server.key -noout -text
The commands did not work either. I'm sorry for my bad English.
Thank you
michank
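
Added example, not part of the original post: pluto marks a certificate "has private key" only when ipsec.secrets names a key file (": RSA <file>") that it can read and that belongs to the certificate, and these shell functions check both conditions. The function names, and /etc/ipsec.d/private as the key directory, are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# Print the key file named by every ': RSA <file> ["passphrase"]' entry.
# The inline 'RSA {' form holds a raw host key, not a reference to an
# X.509 key file, so it is skipped.
secrets_rsa_keyfiles() {
    # $1 = path to ipsec.secrets
    awk '
        $1 ~ /^#/ { next }                      # comment line
        {
            for (i = 1; i < NF; i++)
                if ($i == "RSA" && $(i + 1) != "{") {
                    f = $(i + 1); gsub(/"/, "", f); print f
                }
        }' "$1"
}

# Return 0 if at least one ': RSA' entry points at a readable key file.
# Relative names are resolved against the private-key directory in $2.
has_cert_private_key() {
    secrets=$1; privdir=$2; found=1
    for f in $(secrets_rsa_keyfiles "$secrets"); do
        case $f in
            /*) path=$f ;;
            *)  path=$privdir/$f ;;
        esac
        if [ -r "$path" ]; then
            found=0
        else
            echo "secrets entry names an unreadable key: $path" >&2
        fi
    done
    return $found
}

# Return 0 if certificate $1 and RSA private key $2 share one modulus,
# i.e. the key really belongs to the certificate. Returns 2 if either
# file cannot be parsed by openssl.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus) || return 2
    [ "$c" = "$k" ]
}
```

With the names from the post, the checks would be `has_cert_private_key /etc/ipsec.secrets /etc/ipsec.d/private` and `cert_matches_key server.pem server.key`.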