[Openswan Users] Openswan and V-IPSecure
JT Edwards
tstrike34 at gmail.com
Fri Sep 11 15:51:45 EDT 2009
Paul,
No success.... Here is the latest:
ipsec.secrets (no password)
: RSA /etc/ipsec.d/private/ca_key.pem
-bash-3.2# ipsec auto --listall
000
000 List of Public Keys:
000
000 Sep 11 14:49:00 2009, 2048 RSA Key AwEAAdRjy (no private key), until Nov
20 11:00:01 2011 ok
000 ID_DER_ASN1_DN 'C=US, ST=TX, L=Austin, O=AutomaticIT,
OU=Executive'
000 Issuer 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive,
CN=AIT, E=jt.edwards at automaticit.com'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: RSA (none) (none)
000
000 List of X.509 End Certificates:
000
000 Sep 11 14:49:00 2009, count: 1
000 subject: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
000 issuer: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive,
CN=AIT, E=jt.edwards at automaticit.com'
000 serial: 00:e9:97:94:7d:7f:75:2f:5a
000 pubkey: 2048 RSA Key AwEAAdRjy
000 validity: not before Sep 11 12:00:01 2009 ok
000 not after Nov 20 11:00:01 2011 ok
000
000 List of X.509 CA Certificates:
000
000 Sep 11 14:49:00 2009, count: 1
000 subject: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive,
CN=AIT, E=jt.edwards at automaticit.com'
000 issuer: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive,
CN=AIT, E=jt.edwards at automaticit.com'
000 serial: 00:8a:66:2f:7d:43:a3:a1:cc
000 pubkey: 2048 RSA Key AwEAAc3GG, has private key
000 validity: not before Sep 11 11:47:44 2009 ok
000 not after Nov 20 10:47:44 2011 ok
000 subjkey:
ee:4d:cc:22:d7:5a:ff:61:f7:94:aa:1d:bb:2c:5c:76:db:fb:a9:21
000 authkey:
ee:4d:cc:22:d7:5a:ff:61:f7:94:aa:1d:bb:2c:5c:76:db:fb:a9:21
000 aserial: 00:8a:66:2f:7d:43:a3:a1:cc
000
000 List of X.509 CRLs:
000
000 Sep 11 14:49:00 2009, revoked certs: 0
000 issuer: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive,
CN=AIT, E=jt.edwards at automaticit.com'
000 updates: this Sep 11 13:57:38 2009
000 next Oct 11 13:57:38 2009 ok
JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com
--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Friday, September 11, 2009 3:38 PM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure
> On Fri, 11 Sep 2009, JT Edwards wrote:
>
>> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: Main mode peer ID
>> is ID_DER_ASN1_DN: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
>> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: no suitable
>> connection for peer 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
>
>> conn ait-torden
>> auto=start
>> authby=rsasig
>> rekey=no
>> type=tunnel
>> left=22.123.34.56
>> leftcert=/etc/ipsec.d//certs/ait2torden.pem
>> leftrsasigkey=/etc/ipsec.d/private/ca_key.pem
>
> Either use leftcert= or leftrsasigkey=, not both. In this case you want
> leftcert.
>
>> leftsendcert=always
>> leftid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
>> right=12.234.22.224
>> # rightid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
>> rightrsasigkey=/etc/ipsec.d/private/ca_key.pem
>
> leave out rightrsasigkey=
> add:
> rightca=%same
>
> left/rightrsasigkey is for raw RSA keys. left/rightcert= is for RSA in
> X.509 certs.
>
> Paul
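
Added example, not part of the original thread and not Openswan code: a small Python check that applies the reply's advice (leftcert= or leftrsasigkey= but not both, rsasigkey only for raw RSA keys, rightca=%same) to the conn stanza quoted above. The names parse_conn and lint_conn are hypothetical, and the sample stanza is reconstructed from the quoted lines.

```python
# Constructed sample: the conn stanza quoted in the thread, ">>" quoting removed.
SAMPLE_CONN = """\
conn ait-torden
    auto=start
    authby=rsasig
    rekey=no
    type=tunnel
    left=22.123.34.56
    leftcert=/etc/ipsec.d//certs/ait2torden.pem
    leftrsasigkey=/etc/ipsec.d/private/ca_key.pem
    leftsendcert=always
    leftid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
    right=12.234.22.224
    # rightid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
    rightrsasigkey=/etc/ipsec.d/private/ca_key.pem
"""

def parse_conn(text):
    """Return {option: value} for one conn stanza; comments and header skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "conn ")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip().strip('"')
    return opts

def lint_conn(opts):
    """Hypothetical checks (not Openswan code) for the advice in the reply."""
    findings = []
    for side in ("left", "right"):
        key = opts.get(side + "rsasigkey")
        if key is not None and side + "cert" in opts:
            findings.append(f"{side}: {side}cert and {side}rsasigkey both set")
        # Raw RSA keys are inline key material or a %keyword, not a file path.
        if key is not None and key.startswith("/"):
            findings.append(f"{side}rsasigkey: file path where a raw RSA key is expected")
    # Following the reply: with certificates in use, a side that has neither
    # a cert nor a ca option gets <side>ca=%same.
    if "leftcert" in opts or "rightcert" in opts:
        for side in ("left", "right"):
            if side + "cert" not in opts and side + "ca" not in opts:
                findings.append(f"{side}: add {side}ca=%same")
    return findings

if __name__ == "__main__":
    for finding in lint_conn(parse_conn(SAMPLE_CONN)):
        print(finding)
```

Removing both rsasigkey lines and adding rightca=%same, as the reply suggests, leaves the checker with nothing to report.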