Since you have already disclosed large parts of your private
key in the log you could send the ipsec.secrets file as well,
which would help very much in the diagnosis of your problem.
I suspect that either the curly brackets are missing in
: RSA {
modulus=...
publicExponent
..
}
or that the parameters "modulus", "publicExponent", etc. are
not indented or that the closing curly bracket is not indented.
If you use version 0.9.8 or newer of the X.509 patch then you
don't have to extract the private key using the fswert tool any more
but you can load the key file directly
: RSA myKeyfile.pem "<optional passphrase>"
the private key file must be place in the directory /etc/ipsec.d/private
and can be optionally encrypted with 3DES using a passphrase.
Regards
Andreas
"s.k." wrote:
>
> Hi,
> I've managed to install and configure Linux FreeS/WAN 1.97 / X.509 patch
> with PreShared Keys, but unable to do the same with RSA keys.
>
> The logs show:
> 02 loading secrets from "/etc/ipsec.secrets"
> 003 "/etc/ipsec.secrets" line 18: does not look numeric and name lookup
> failed "Private-Key"
> 003 "/etc/ipsec.secrets" line 18: unrecognized key format: (2048
> 003 "/etc/ipsec.secrets" line 19: does not look numeric and name lookup
> failed "modulus"
> 003 "/etc/ipsec.secrets" line 20: unrecognized key format:
> 00:bd:30:e3:d9:5a:8c:04:6c:88:7b:c8:d8:57:59
> 003 "/etc/ipsec.secrets" line 38: does not look numeric and name lookup
> failed "publicExponent"
> 003 "/etc/ipsec.secrets" line 38: unrecognized key format: 65537
> 003 "/etc/ipsec.secrets" line 39: does not look numeric and name lookup
> failed "privateExponent"
> 003 "/etc/ipsec.secrets" line 40: unrecognized key format:
> 00:bc:b8:6e:30:bc:cf:fb:01:c0:cb:a9:b7:94:ba
> 003 "/etc/ipsec.secrets" line 58: does not look numeric and name lookup
> failed "prime1"
> 003 "/etc/ipsec.secrets" line 59: unrecognized key format:
> 00:ef:d9:10:1b:8d:d4:52:8b:59:79:2f:3b:a0:68
> 003 "/etc/ipsec.secrets" line 68: does not look numeric and name lookup
> failed "prime2"
> 003 "/etc/ipsec.secrets" line 69: unrecognized key format:
> 00:c9:ee:82:a4:ec:3d:f2:42:76:bb:e1:c9:d6:54
> 003 "/etc/ipsec.secrets" line 78: does not look numeric and name lookup
> failed "exponent1"
> 003 "/etc/ipsec.secrets" line 79: unrecognized key format:
> 00:a0:cc:34:79:54:97:b1:13:4d:53:ea:6f:9e:36
> 003 "/etc/ipsec.secrets" line 88: does not look numeric and name lookup
> failed "exponent2"
> 003 "/etc/ipsec.secrets" line 89: unrecognized key format:
> 00:8f:06:8b:ac:6a:d3:f9:8a:8f:f4:c5:99:23:60
> 003 "/etc/ipsec.secrets" line 98: does not look numeric and name lookup
> failed "coefficient"
> 003 "/etc/ipsec.secrets" line 99: unrecognized key format:
> 00:86:ed:bb:76:c2:01:06:7b:08:39:c9:db:7b:7f
>
> Could you refer me to a related documentation or help me to troubleshoot
> the problem, so that I could fix it?
> I appreciate you answer in advance
>
> Rgds
> Serge
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
-- ====================================================================== Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/ CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56 ===============================================================[ZHW]== _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST