[Openswan Users] unable to locate my private key for RSA signature

andi tri michank_andi at yahoo.co.id
Tue Jul 21 01:19:35 EDT 2009


Hi all,

I have a problem with Openswan: my client can't connect to the server.
There is no NAT and no firewall in my network.
I can't see any error in my configuration.
I'm using pluto and netkey on Ubuntu Desktop 8.04.
I can execute all the commands below without error:
# ipsec verify
# ipsec showhostkey --output /etc/ipsec.secrets

this is my conf
# ipsec.conf
 
version 2.0
config setup
            interfaces="ipsec0=eth0"
            uniqueids=yes
            plutodebug=all
            nhelpers=0
  conn %default
            keyingtries=1
            compress=no
            disablearrivalcheck=no
            authby=rsasig
            leftrsasigkey=%cert
            rightrsasigkey=%cert
  conn mommy
            type=tunnel
            left=111.111.111.1
            leftcert=server.pem
            leftca=cacert.pem
            right=111.111.111.2
            rightcert=client.pem
            rightca=%same
            auth=esp
            kayexchange=ike
            ike=aes128-sha1-modp1536
            esp=aes128-sha1
            leftsendcert=always
            keylife=1h
            ikelifetime=1h
            rekey=no
            auto=add
            pfs=yes
  conn block
            auto=ignore
  conn private
            auto=ignore
  conn private-or-clear
            auto=ignore
  conn clear-or-private
            auto=ignore
  conn clear
            auto=ignore
  conn packetdefault
            auto=ignore
But in:
# ipsec auto --listcerts
I don't see "has private key"
# /var/log/auth.log
Jul 14 22:25:14 andi-laptop pluto[4689]: "mommy" #1: unable to locate my private key for RSA Signature
Jul 14 22:25:14 andi-laptop pluto[4689]: | complete state transition with (null)
Jul 14 22:25:15 andi-laptop pluto[4689]: "mommy" #1: sending notification AUTHENTICATION_FAILED to 111.111.111.1:500
BTW, I have tried making the CA and host cert:
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newca
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -newreq
# /usr/lib/ssl/misc /usr/lib/ssl/misc/CA.sh -sign

newcert.pem = server.pem 
newkey = server.key

Because the cert can't load, I tried making the CA based on "building virtual private network with openswan.pdf", and nothing changed.
 
I searched on Google and found the commands below:
# openssl x509 -in server.pem -noout -text
# openssl rsa -in server.key -noout -text
  
These commands do not work either. I'm sorry for my bad English.


Thank you,
michank
