[strongSwan] need help for host2host-cert setup
Abbhishek Misra
abhishekfishy2000 at gmail.com
Thu Mar 25 06:22:35 CET 2010
Thanks for a quick reply, Andreas. It is able to read the secret as shown
below but does not list it.
There is nothing in /var/log/messages related to listing secrets.
plm56:~/abhishek # ipsec rereadsecrets
plm56:~/abhishek #
plm56:~/abhishek # tail /var/log/messages
Mar 25 05:00:03 plm56 su: (to nobody) root on none
Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session opened for user nobody by (uid=0)
Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session closed for user nobody
Mar 25 05:00:03 plm56 su: (to nobody) root on none
Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session opened for user nobody by (uid=0)
Mar 25 05:00:17 plm56 su: pam_unix_session(su:session): session closed for user nobody
Mar 25 05:00:18 plm56 /usr/sbin/cron[4251]: pam_unix_session(crond:session): session closed for user root
Mar 25 05:11:37 plm56 charon: 16[CFG] rereading secrets
Mar 25 05:11:37 plm56 charon: 16[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 25 05:11:37 plm56 charon: 16[CFG] loaded private key file '/etc/ipsec.d/private/newkey.pem'
plm56:~/abhishek #
On Wed, Mar 24, 2010 at 7:07 PM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Execute
>
> ipsec rereadsecrets
>
> and look for error messages in the log. It might be that your passphrase
> is not correct.
>
> ipsec listcerts
>
> should show your certificate with the comment
>
> .., has private key
>
> Best regards
>
> Andreas
>
> On 24.03.2010 14:01, Abbhishek Misra wrote:
>> Hello All,
>>
>> I'm trying to set up the host2host-cert example but very basic steps are
>> not going through.
>>
>>
>> plm56:~/abhishek # ipsec up host-host
>> initiating IKE_SA host-host[1] to 9.182.176.61
>> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) (NATD_D_IP) ]
>> sending packet: from 9.182.176.56[500] to 9.182.176.61[500]
>> received packet: from 9.182.176.61[500] to 9.182.176.56[500]
>> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) (NATD_D_IP) N(MULT_AUTH) ]
>> no private key found for 'plm56.in.ibm.com'
>> plm56:~/abhishek #
>>
>>
>> I have used all conf files as mentioned in the example.
>>
>> ipsec listcerts is not showing my certificates that I generated using
>> this doc: http://www.ipsec-howto.org/x595.html
>>
>> This is how my secrets file looks:
>>
>> plm56:~/abhishek # cat /etc/ipsec.secrets
>> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>> : RSA newkey.pem "abhishek"
>>
>>
>> Following is my dir listing: http://pastebin.com/PZUgn6zQ
>>
>> This is my /etc/ssl/openssl.cnf: http://pastebin.com/w3v2zymm
>>
>> I have gone through
>> https://lists.strongswan.org/pipermail/users/2009-August/003771.html
>> and verified the modulus for newcert.pem and newkey.pem.
>>
>> Please take a look at these and let me know what more should I do to
>> get through.
>>
>>
>> regards
>> Abhishek Misra
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
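
Added example, not part of the original messages or of strongSwan: a script that runs the two checks discussed in this thread, whether the passphrase opens the private key and whether the key's modulus matches the certificate's. The function names and the throwaway test pair are assumptions made for illustration; it handles RSA keys only and needs the openssl command.

```sh
#!/bin/sh
# Added example: passphrase and modulus check for an RSA key/certificate pair.
# Function names are hypothetical; file names follow the thread.

# modulus_digest key|cert FILE [PASSPHRASE] -> SHA-256 of the RSA modulus
modulus_digest() {
    kind=$1 file=$2
    if [ "$kind" = key ]; then
        # env: keeps the passphrase out of the process list
        mod=$(KEYPASS=${3-} openssl rsa -in "$file" -passin env:KEYPASS \
              -noout -modulus 2>/dev/null) || return 1
    else
        mod=$(openssl x509 -in "$file" -noout -modulus 2>/dev/null) || return 1
    fi
    printf '%s' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_keypair CERT KEY PASSPHRASE
# returns 0 match, 1 key unreadable, 2 certificate unreadable, 3 mismatch
check_keypair() {
    key_d=$(modulus_digest key "$2" "$3") ||
        { echo "key unreadable: wrong passphrase or not an RSA key"; return 1; }
    cert_d=$(modulus_digest cert "$1") ||
        { echo "certificate unreadable"; return 2; }
    [ "$key_d" = "$cert_d" ] ||
        { echo "key does not belong to this certificate"; return 3; }
    echo "passphrase accepted, key matches certificate"
}

# make_test_pair DIR PASSPHRASE
# Constructed sample input: a throwaway encrypted key and self-signed certificate.
make_test_pair() {
    KEYPASS=$2 openssl genrsa -aes128 -passout env:KEYPASS \
        -out "$1/newkey.pem" 2048 2>/dev/null &&
    KEYPASS=$2 openssl req -new -x509 -key "$1/newkey.pem" \
        -passin env:KEYPASS -subj "/CN=host.example.test" -days 1 \
        -out "$1/newcert.pem" 2>/dev/null
}

# Run as: script CERT KEY PASSPHRASE
if [ "$#" -eq 3 ]; then
    check_keypair "$@"
fi
```

A return code of 0 only shows that the passphrase and key pair are consistent; whether charon associates the key with a loaded certificate is still read from ipsec listcerts.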