[strongSwan] trying to get basic pubkey strongswan connection with certificates up and running
Cindy Moore
ctmoore at cs.ucsd.edu
Mon Sep 15 20:38:39 CEST 2014
Oh good grief, I think I have found the solution:
in ipsec.secrets, I have to have
: RSA vpnHostKey.pem
and ipsec restart
>.<
Well that's Linux down. Next up, Mac!
Thank you all for your responses, especially Noel -- sometimes it's
just those little nudges that keep you going thru each iteration of
whackamole (!)
On Sun, Sep 14, 2014 at 8:55 PM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> I don't know why it caches old ones (I've redone some of them because
> of typos and such, and I can't find anything to remove these
> extra ones o.O -- maybe this is the problem?)
>
>
> root at vpn:/etc# ipsec listcerts
>
> List of X.509 End Entity Certificates:
>
> altNames: moi
> subject: "C=CH, O=strongSwan, CN=moi"
> issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
> serial: 3d:70:d0:89:e8:99:b8:40
> validity: not before Sep 14 20:12:14 2014, ok
> not after Sep 13 20:12:14 2016, ok
> pubkey: RSA 2048 bits
> keyid: 48:59:8c:9e:f3:be:3f:ee:7c:c3:76:71:ed:85:c1:bb:fb:a1:9b:0e
> subjkey: 3b:1d:40:6d:2d:fb:bc:3b:b6:43:8c:04:35:c2:5a:ce:ed:09:13:72
> authkey: d2:2f:8c:6c:da:eb:1c:59:4e:e0:0b:46:57:0d:5e:e3:a7:2a:99:d6
>
> altNames: vpn.example.com
> subject: "C=CH, O=strongSwan, CN=vpn.example.com"
> issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
> serial: 2f:c2:6e:7b:e9:2b:a0:2c
> validity: not before Sep 14 20:11:41 2014, ok
> not after Sep 13 20:11:41 2016, ok
> pubkey: RSA 2048 bits
> keyid: 15:2b:b8:df:df:03:d7:21:f5:8f:33:21:f3:82:d9:bf:a4:ba:57:65
> subjkey: 3e:42:26:fc:36:24:7c:6e:7d:1b:40:f0:30:50:ae:89:84:14:09:62
> authkey: d2:2f:8c:6c:da:eb:1c:59:4e:e0:0b:46:57:0d:5e:e3:a7:2a:99:d6
>
> altNames: vpn.example.com
> subject: "C=CH, O=strongSwan, CN=vpn.example.com"
> issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
> serial: 96:41:c5:da:2c:a8:ad:d3
> validity: not before Sep 13 22:18:37 2014, ok
> not after Sep 12 22:18:37 2016, ok
> pubkey: RSA 2048 bits
> keyid: 15:2b:b8:df:df:03:d7:21:f5:8f:33:21:f3:82:d9:bf:a4:ba:57:65
> subjkey: 3e:42:26:fc:36:24:7c:6e:7d:1b:40:f0:30:50:ae:89:84:14:09:62
> authkey: d2:2f:8c:6c:da:eb:1c:59:4e:e0:0b:46:57:0d:5e:e3:a7:2a:99:d6
>
> altNames: vpn.example.com, vpn.zeitgeist.se
> subject: "C=CH, O=strongSwan, CN=vpn.example.com"
> issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
> serial: 54:e3:01:d5:c9:11:24:5d
> validity: not before Sep 11 01:13:34 2014, ok
> not after Sep 10 01:13:34 2016, ok
> pubkey: RSA 2048 bits
> keyid: f5:27:1b:2c:16:c7:d2:61:cf:63:78:29:d2:cf:98:84:fc:2a:cf:a0
> subjkey: 01:22:8c:82:15:ba:9c:de:d6:82:bc:67:24:dd:2c:23:04:4a:34:17
> authkey: d2:2f:8c:6c:da:eb:1c:59:4e:e0:0b:46:57:0d:5e:e3:a7:2a:99:d6
>
>
>
> Current ipsec.conf:
>
> config setup
> charondebug="cfg 2, dmn 2, ike 2, net 2"
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ike
> leftcert=vpnHostCert.pem
> leftid="C=CH, O=strongSwan, CN=vpn.example.com"
>
> conn roadwarrior
> left=xxx.xxx.xxx.xxx
> leftsubnet=0.0.0.0/0
> right=%any
> rightid=%any
> rightauth=pubkey
> rightsourceip=xxx.xx.xxx.0/24
> auto=add
>
> And then this is the relevant portion from vpn.example.com's syslog:
>
> Sep 14 20:47:56 vpn charon: 08[CFG] selected peer config 'roadwarrior'
> Sep 14 20:47:56 vpn charon: 08[CFG] using certificate "C=CH,
> O=strongSwan, CN=moi"
> Sep 14 20:47:56 vpn charon: 08[CFG] certificate "C=CH, O=strongSwan,
> CN=moi" key: 2048 bit RSA
> Sep 14 20:47:56 vpn charon: 08[CFG] using trusted ca certificate
> "C=CH, O=strongSwan, CN=strongSwan Root CA"
> Sep 14 20:47:56 vpn charon: 08[CFG] checking certificate status of
> "C=CH, O=strongSwan, CN=moi"
> Sep 14 20:47:56 vpn charon: 08[CFG] ocsp check skipped, no ocsp found
> Sep 14 20:47:56 vpn charon: 08[CFG] certificate status is not available
> Sep 14 20:47:56 vpn charon: 08[CFG] certificate "C=CH, O=strongSwan,
> CN=strongSwan Root CA" key: 4096 bit RSA
> Sep 14 20:47:56 vpn charon: 08[CFG] reached self-signed root ca with
> a path length of 0
> Sep 14 20:47:56 vpn charon: 08[IKE] authentication of 'C=CH,
> O=strongSwan, CN=moi' with RSA signature successful
> Sep 14 20:47:56 vpn charon: 08[IKE] processing INTERNAL_IP4_ADDRESS attribute
> Sep 14 20:47:56 vpn charon: 08[IKE] processing INTERNAL_IP4_DNS attribute
> Sep 14 20:47:56 vpn charon: 08[IKE] processing INTERNAL_IP4_NBNS attribute
> Sep 14 20:47:56 vpn charon: 08[IKE] peer supports MOBIKE
> Sep 14 20:47:56 vpn charon: 08[IKE] no private key found for 'C=CH,
> O=strongSwan, CN=vpn.example.com'
> Sep 14 20:47:56 vpn charon: 08[ENC] generating IKE_AUTH response 1 [
> N(AUTH_FAILED) ]
>
> On Sun, Sep 14, 2014 at 4:15 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hello Cindy,
>>
>> The "or" in my previous message was an exclusive or.
>> Meaning, set either of these.
>> Can you show me your "ipsec listcerts"?
>> Also, if the key is encrypted, you need to provide the passphrase for it in /etc/ipsec.secrets.
>>
>> Mit freundlichen Grüßen/Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> Am 14.09.2014 um 07:57 schrieb Cindy Moore:
>>> OK, I am now spotting this in the syslog, but I'm a bit at a loss... I
>>> have this private file (vpnHostKey.pem) set to 600. How can I find
>>> out where it's lookign for the private key? I have all mine in
>>> /etc/ipsec.d/private (see below)...
>>>
>>> Sep 13 22:42:47 vpn charon: 15[IKE] no private key found for 'C=CH,
>>> O=strongSwan, CN=vpn.example.com'
>>>
>>> ipsec.conf is now:
>>>
>>> config setup
>>> charondebug="cfg 2, dmn 2, ike 2, net 2"
>>>
>>> conn %default
>>> ikelifetime=60m
>>> keylife=20m
>>> rekeymargin=3m
>>> keyingtries=1
>>> keyexchange=ike
>>> leftcert=vpnHostCert.pem
>>> leftid="C=CH, O=strongSwan, CN=vpn.example.com"
>>>
>>> conn roadwarrior
>>> #vpn server
>>> left=137.110.222.66
>>> #allow full tunneling
>>> leftsubnet=0.0.0.0/0
>>> right=%any
>>> rightid=%any
>>> rightauth=pubkey
>>> #rightauth2=xauth-pam
>>> #assign ip addr from this pool
>>> rightsourceip=xxx.xx.xxx.0/24
>>> auto=add
>>>
>>> and
>>>
>>> root at vpn:/etc/ipsec.d# ipsec statusall
>>> Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-35-generic, x86_64):
>>> uptime: 2 days, since Sep 11 14:16:36 2014
>>> malloc: sbrk 2568192, mmap 0, used 429616, free 2138576
>>> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
>>> scheduled: 0
>>> loaded plugins: charon test-vectors ldap aes rc2 sha1 sha2 md4 md5
>>> random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem
>>> openssl xcbc cmac hk
>>> Virtual IP pools (size/online/offline):
>>> xxx.xx.xxx.0/24: 254/0/0
>>> Listening IP addresses:
>>> xxx.xxx.xxx.xxx
>>> (ipv6 deleted)
>>> Connections:
>>> roadwarrior: xxx.xxx.xxx.xxx...%any IKEv1/2
>>> roadwarrior: local: [C=CH, O=strongSwan, CN=vpn.example.com] uses
>>> public key authentication
>>> roadwarrior: cert: "C=CH, O=strongSwan, CN=vpn.example.com"
>>> roadwarrior: remote: uses public key authentication
>>> roadwarrior: child: 0.0.0.0/0 === dynamic TUNNEL
>>> Security Associations (0 up, 0 connecting):
>>> none
>>>
>>> and...
>>>
>>> root at vpn:/etc/ipsec.d# ls -F
>>> aacerts/ acerts/ cacerts/ certs/ crls/ ocspcerts/ policies/
>>> private/ README reqs/
>>> root at vpn:/etc/ipsec.d# ls -lt private/
>>> total 12
>>> -rw------- 1 root root 1679 Sep 13 22:19 moiKey.pem
>>> -rw------- 1 root root 1675 Sep 13 22:18 vpnHostKey.pem
>>> -rw------- 1 root root 3243 Sep 11 00:39 strongswanKey.pem
>>>
>>> thanks!
>>>
>>> On Sat, Sep 13, 2014 at 11:52 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>>
>>> Hello Cindy,
>>>
>>> Please set the leftid to "C=CH, O=strongSwan, CN=vpn.example.com" or set leftcert to the file name of your server certificate.
>>>
>>> Mit freundlichen Grüßen/Regards,
>>> Noel Kuntze
>>>
>>> GPG Key ID: 0x63EC6658
>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>> Am 13.09.2014 um 16:17 schrieb Cindy Moore:
>>> >>> Ah, thank you for the Network Manager explanation. I thought that
>>> >>> was very strange. I didn't realize it didn't run with root
>>> >>> privileges.
>>> >>>
>>> >>> As for the ipsec.conf file, it is fine. It is the email client that
>>> >>> destroys how it is formatted when I send it out, so you guys can't see
>>> >>> how it looks but
>>> >>>
>>> >>> root at vpn:/etc# ipsec statusall
>>> >>> Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-35-generic, x86_64):
>>> >>> uptime: 40 hours, since Sep 11 14:16:36 2014
>>> >>> malloc: sbrk 2568192, mmap 0, used 416528, free 2151664
>>> >>> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
>>> >>> scheduled: 0
>>> >>> loaded plugins: charon test-vectors ldap aes rc2 sha1 sha2 md4 md5
>>> >>> random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem
>>> >>> openssl xcbc cmac hk
>>> >>> Virtual IP pools (size/online/offline):
>>> >>> xxx.xx.xxx.0/24: 254/0/0
>>> >>> Listening IP addresses:
>>> >>> xxx.xxx.xxx.xxx
>>> >>> (ipv6 address deleted)
>>> >>> Connections:
>>> >>> roadwarrior: xxx.xxx.xxx.xxx...%any IKEv1/2
>>> >>> roadwarrior: local: [vpn.example.com] uses public key authentication
>>> >>> roadwarrior: cert: "C=CH, O=strongSwan, CN=vpn.example.com"
>>> >>> roadwarrior: remote: uses public key authentication
>>> >>> roadwarrior: child: 0.0.0.0/0 === dynamic TUNNEL
>>> >>> Security Associations (0 up, 0 connecting):
>>> >>> none
>>> >>>
>>> >>>
>>> >>> Thanks,
>>> >>>
>>> >>>
>>> >>> On Sat, Sep 13, 2014 at 3:24 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>> >>>>
>>> >>> Hello Cindy,
>>> >>>
>>> >>> As network manager doesn't run as your user, you need to give
>>> >>> it access to the certificate and the private key in your home directory.
>>> >>> You can do this by changing the group of those files to a group
>>> >>> the network manager user is in and giving said group read
>>> >>> access to the file and execute access down the path to said files.
>>> >>>
>>> >>> Yes, the error message indicates a configuration mismatch
>>> >>> between the server and the client.
>>> >>>
>>> >>> I think you need to indent the section parameters with a tab for strongSwan to read them correctly.
>>> >>> Check with "ipsec statusall", if it correctly read all the conn definitions.
>>> >>>
>>> >>> Mit freundlichen Grüßen/Regards,
>>> >>> Noel Kuntze
>>> >>>
>>> >>> GPG Key ID: 0x63EC6658
>>> >>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>> >>> Am 13.09.2014 um 00:05 schrieb Cindy Moore:
>>> >>>>>> Hi, I'm hoping I can get some tips or direction here, because I've
>>> >>>>>> been banging my head on this for a while.
>>> >>>>>>
>>> >>>>>> I have strongswan 5 installed on ubuntu 14.04 with all the latest updates, etc:
>>> >>>>>> root at vpn:/etc# ipsec version
>>> >>>>>> Linux strongSwan U5.1.2/K3.13.0-35-generic
>>> >>>>>>
>>> >>>>>> This part seems to be functioning fine. I've used the ipsec pki to
>>> >>>>>> generate a vpn cacert, and then a couple of certs to test things with.
>>> >>>>>> (For reference, I've included the steps I took to create those below,
>>> >>>>>> along with my ipsec.conf)
>>> >>>>>>
>>> >>>>>> All I want is to set up a connection between two machines, both
>>> >>>>>> running 14.04. "vpn" is a server install, client is a desktop
>>> >>>>>> install. I've installed the network-manager-strongswan (version
>>> >>>>>> 1.3.0-1ubuntu1) and restarted the network manager. I've tried to
>>> >>>>>> configure it as per
>>> >>>>>> https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
>>> >>>>>> but there are already some differences in what's shown and what I get.
>>> >>>>>>
>>> >>>>>> Instead of Authentication, there is now Client, with Authentication
>>> >>>>>> under that (and additional options depending on what is chosen for
>>> >>>>>> Authentication. The choices for Authentication are
>>> >>>>>> Certificate/private key, Certificate/ssh-agent, Smartcard, EAP. I
>>> >>>>>> have questions about the ssh-agent, but I'll tabulate those for now.
>>> >>>>>> Anyway, so when I choose Certificate/private key, I get two more
>>> >>>>>> options below Authentication, which are Certificate and Private key.
>>> >>>>>>
>>> >>>>>> So for Gateway, I've got down vpn.example.com (name changed to protect
>>> >>>>>> guilty of course :) )
>>> >>>>>> and for Certificate, I have vpnHostCert.pem (see below). For
>>> >>>>>> Authentication, Certifcate/private key, for Certificate, moiCert.pem
>>> >>>>>> (see below) and for private key moiKey.pem (see below). I've checked
>>> >>>>>> the options to request an inner IP address, and to enforce udp
>>> >>>>>> encapsulation, but have left the ip compression unchecked.
>>> >>>>>>
>>> >>>>>> Under the General and IPv4 settings, I've left the latter to the
>>> >>>>>> deafult Automatic (VPN), for the former, I've tried both checking and
>>> >>>>>> unchecking "all users may connect..."
>>> >>>>>>
>>> >>>>>> [NB: I find that I MUST have all .pem files set to 644 and any
>>> >>>>>> directory along their path to 755 or else Network Manager stalls with
>>> >>>>>> asking me for a password and the client's syslog contains "charon-nm:
>>> >>>>>> 15[LIB] opening 'path/to/moiKey.pem' filed: Permission denied", which
>>> >>>>>> strikes me as rather strange: to force a private key to be readable??
>>> >>>>>> In this case client is a personal laptop so maybe not that bad, but
>>> >>>>>> really?]
>>> >>>>>>
>>> >>>>>> In following the syslog output on the vpn host, I see:
>>> >>>>>>
>>> >>>>>> Sep 12 14:42:02 vpn charon: 04[CFG] looking for peer configs matching
>>> >>>>>> xxx.xxx.xxx.xxx[C=CH, O=strongSwan, CN=vpn.example.com]...<client's
>>> >>>>>> current IP addr>[C=CH, O=strongSwan, CN=moi]
>>> >>>>>> Sep 12 14:42:02 vpn charon: 04[CFG] no matching peer config found
>>> >>>>>>
>>> >>>>>> so my guess is the conn roadwarrior (see below) isn't properly configured?
>>> >>>>>>
>>> >>>>>> I would appreciate any help... getting this configured has been a huge
>>> >>>>>> headache. Thanks.
>>> >>>>>>
>>> >>>>>> --------------
>>> >>>>>> Background info/files:
>>> >>>>>>
>>> >>>>>> CAcert/key:
>>> >>>>>>
>>> >>>>>> $ cd /etc/ipsec.d/
>>> >>>>>> $ ipsec pki --gen --type rsa --size 4096 \
>>> >>>>>> --outform pem \
>>> >>>>>>> private/strongswanKey.pem
>>> >>>>>> $ chmod 600 private/strongswanKey.pem
>>> >>>>>> $ ipsec pki --self --ca --lifetime 3650 \
>>> >>>>>> --in private/strongswanKey.pem --type rsa \
>>> >>>>>> --dn "C=CH, O=strongSwan, CN=strongSwan Root CA" \
>>> >>>>>> --outform pem \
>>> >>>>>>> cacerts/strongswanCert.pem
>>> >>>>>>
>>> >>>>>> vpnHostKey/Cert:
>>> >>>>>>
>>> >>>>>> $ cd /etc/ipsec.d/
>>> >>>>>> $ ipsec pki --gen --type rsa --size 2048 \
>>> >>>>>> --outform pem \
>>> >>>>>>> private/vpnHostKey.pem
>>> >>>>>> $ chmod 600 private/vpnHostKey.pem
>>> >>>>>> $ ipsec pki --pub --in private/vpnHostKey.pem --type rsa | \
>>> >>>>>> ipsec pki --issue --lifetime 730 \
>>> >>>>>> --cacert cacerts/strongswanCert.pem \
>>> >>>>>> --cakey private/strongswanKey.pem \
>>> >>>>>> --dn "C=CH, O=strongSwan, CN=vpn.example.com" \
>>> >>>>>> --san vpn.example.com \
>>> >>>>>> --flag serverAuth --flag ikeIntermediate \
>>> >>>>>> --outform pem > certs/vpnHostCert.pem
>>> >>>>>>
>>> >>>>>> Client cert/key:
>>> >>>>>>
>>> >>>>>> $ cd /etc/ipsec.d/
>>> >>>>>> $ ipsec pki --gen --type rsa --size 2048 \
>>> >>>>>> --outform pem \
>>> >>>>>>> private/moiKey.pem
>>> >>>>>> $ chmod 600 private/moiKey.pem
>>> >>>>>> $ ipsec pki --pub --in private/moiKey.pem --type rsa | \
>>> >>>>>> ipsec pki --issue --lifetime 730 \
>>> >>>>>> --cacert cacerts/strongswanCert.pem \
>>> >>>>>> --cakey private/strongswanKey.pem \
>>> >>>>>> --dn "C=CH, O=strongSwan, CN=moi" \
>>> >>>>>> --san moi \
>>> >>>>>> --outform pem > certs/moiCert.pem
>>> >>>>>>
>>> >>>>>> ("moi" is just a standin for my personal uid)
>>> >>>>>>
>>> >>>>>> ipsec.conf (note that this email client is munging the tabs, but ipsec
>>> >>>>>> reload is perfectly happy with this conf file's syntax)
>>> >>>>>>
>>> >>>>>> config setup
>>> >>>>>> # uniqueids=never
>>> >>>>>> charondebug="cfg 2, dmn 2, ike 2, net 2"
>>> >>>>>>
>>> >>>>>> conn %default
>>> >>>>>> ikelifetime=60m
>>> >>>>>> keylife=20m
>>> >>>>>> rekeymargin=3m
>>> >>>>>> keyingtries=1
>>> >>>>>> #note iOS, Android, xauth-pam are all ikev1!
>>> >>>>>> keyexchange=ike
>>> >>>>>>
>>> >>>>>> conn roadwarrior
>>> >>>>>> #vpn server
>>> >>>>>> left=xxx.xxx.xxx.xxx
>>> >>>>>> #allow full tunneling
>>> >>>>>> leftsubnet=0.0.0.0/0
>>> >>>>>> right=%any
>>> >>>>>> rightauth=pubkey
>>> >>>>>> #assign ip addr from this pool
>>> >>>>>> rightsourceip=xxx.xx.xx.0/24
>>> >>>>>> auto=add
>>> >>>>>> _______________________________________________
>>> >>>>>> Users mailing list
>>> >>>>>> Users at lists.strongswan.org
>>> >>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>> >>>
>>> >>>>
>>> >>>> _______________________________________________
>>> >>>> Users mailing list
>>> >>>> Users at lists.strongswan.org
>>> >>>> https://lists.strongswan.org/mailman/listinfo/users
>>>
>>>>
>>>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>
>> iQIcBAEBCAAGBQJUFXjhAAoJEDg5KY9j7GZYZsQP/0ENZlcTwN3T4HUIN87AQWFT
>> TtKR0GKBt0vY/UhduNLSYb642dYRI8AXwrTQJe5rwW/3Zy9U9B2z26rRmKUJxS55
>> f9lFHRHSBYfJCzYW2ZfybsAVx7ESKRxqENaa7jI/KMCDE0KpAMAM3Jg0zomYCRpp
>> BVD8fQKCxp0Mp15Fs1N8H283jIDZBuw3QL9EOE/rooWVKetXXVTMDurB3Woafr7v
>> zNrclFEgH/a0KhFEPGL+9twttDA93DonQcAfQoIez1bsxEhCO77NgLpLL7DF72+U
>> xorr4ENHycl1fhANmFfnH0sgMy/lU6t31JCi4IHVd8Sz2gz3UyV3c1FgzBPjgAfh
>> CsbavAjYcYuI2jVGcw3/vRyMvCgYdgrQBemV21sp8E9K2fOuVKYip05wWzJrYxwP
>> KX5FnMnDrVbMTUcoRLNpKiHwS+OI7onIDdSAJpjh0mBC2tlqcWvVt+HvXkinygIK
>> +L3gGXZDVMhmySGUyZgI2zfTJVB7ULUTt8QjI9jtuKiVA7z0cmniKEMarIS8qWMS
>> loCG3HkdNKYZ6kNNaWT3eG3rjMIxH/jpwb7hLK/LcbxlXc0atQ2Z0KK5HlGugO63
>> z8V+GvDuTvB+wYp7Z2KbAWYyLihVKqKwdXpV4dZDvbmi7ZTQceHiJPqB32icXw/n
>> mOw843hs9NAi4XYm33zs
>> =Wsrr
>> -----END PGP SIGNATURE-----
>>
>>
More information about the Users
mailing list