[Openswan Users] Problem with PGP authentication
Ygor Regados
ygor.regados at yahoo.com.br
Sun Feb 6 18:05:25 EST 2011
Hi,
I want to establish a tunnel between two servers using PGP/GnuPG keys.
One side is using CentOS with strongSwan 4.5, the other is using Openswan
with Fedora 14.
On the Openswan side, the configuration doesn't seem to work. The keys
aren't loaded.
My configuration:
Config file:
------------------------------------------------------------
conn srv2-srv1
    left=192.168.252.12
    right=192.168.252.1
    leftcert=srv2.asc
    rightcert=srv1.asc
    auto=add

conn srv2-srv1-v6s
    also=srv2-srv1
    connaddrfamily=ipv6
    rightsubnet=0::/0
    leftsourceip=2001:1291:236:6000::2
------------------------------------------------------------
Secrets file:
------------------------------------------------------------
: RSA srv2key.asc
------------------------------------------------------------
The keys are in /etc/ipsec.d/certs (public keys) and /etc/ipsec.d/private
(secret keys). They were generated following the instructions in
http://openswan.org/docs/local/README.x509.
Outputs:
[root@srv2 ipsec.d]# ipsec auto --rereadsecrets
003 "/etc/ipsec.d/srv2-srv1.secrets" line 1: NSS certficate not found
[root@srv2 ipsec.d]# ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: PSK %any 192.168.252.12
[root@srv2 ipsec.d]# ipsec auto --add srv2-srv1
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
defaulting leftsubnet to 2001:1291:236:6000::2
037 can not load certificate file srv2.asc
037 can not load certificate file srv1.asc
Any ideas?
Thanks,
Ygor