From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Wed Oct 02 2002 - 20:23:27 CEST
You just cannot do this:
> leftrsasigkey=voicesignal.pem
you must write
leftcert=voicesignal.pem
instead.
Regards
Andreas
rek2 wrote:
> Hello, , Yes I am using the X.509 and I do got the x509 pre2 patch on.
>
> my ipsec.conf file is like: The objective it to have roadwarrio users
> for now I need at least one to test. and learn.
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
> # THIS SETTING MUST BE CORRECT or almost nothing will work;
> # %defaultroute is okay for most simple cases.
> interfaces="ipsec0=eth0"
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=none
> plutodebug=none
> # Close down old connection when new one using same ID shows up.
> uniqueids=yes
>
>
>
> # defaults for subsequent connection descriptions
> conn %default
> keyingtries=%forever
> compress=yes
> disablearrivalcheck=no
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
>
> conn roadwarrior-net
> leftsubnet=192.168.0.0/24
> also=roadwarrior
>
>
> conn roadwarrior
> right=%any
> left=66.147.180.50
> leftrsasigkey=voicesignal.pem
> auto=start
> pfs=yes
>
>
>
>
>
>
>
> On Wed, 2002-10-02 at 03:53, Andreas Steffen wrote:
>
>>You seem to use a X.509 certificate "voicesignal.pem" and run into the
>>error
>>
>> > Sep 25 20:52:49 Stargate ipsec__plutorun: whack error: "roadwarrior"
>> > leftrsasigkey RSA public-key data malformed (input does not begin with
>> > format prefix) "voicesignal.pem"
>>
>>Have you applied the patch x509-1.0.2-freeswan-2.00pre2.tar.gz
>>found at http://www.strongsec.com/freeswan ?
>>
>>How does your ipsec.conf file look like?
>>
>>Regards
>>
>>Andreas
>>
>>rek2 wrote:
>>
>>>Hello I installed freeswan for the first time, everything looks ok, I
>>>did some test and the system itself looks installed right, now I have
>>>installed the last pre2 version, and the problem is that everytime I try
>>>to use howto and copy and paste the roadwarrior configuration freeswan
>>>complains that is a old version, ok well then I go to the recent manual
>>>and look at the roadwarrior and find out what works and what not etc and
>>>got it, now I am doing RSA keys and yes I did compiled in the path for
>>>it, but the problem is that now I have to look at another howto that
>>>will use use freeswan roadwarrior and windows2000 I do the keys just
>>>like it says, download the ipsec.exe tool install the key I did on linux
>>>on the windows2000 but in the messages file when I try to connect it
>>>gives me a:
>>>(see below)
>>>well my question is there any howto special for version 2 of freeswan
>>>that goes on with roadwarrior and windows2000 configuration?
>>>
>>>I will really apreciate it...
>>>
>>>
>>>Sep 25 20:52:49 Stargate ipsec_setup: ...FreeS/WAN IPsec started
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: whack error: "roadwarrior"
>>>leftrsasigkey RSA public-key data malformed (input does not begin with
>>>format prefix) "voicesignal.pem"
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: ...could not add conn
>>>"roadwarrior"
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: whack error: "roadwarrior-net"
>>>leftrsasigkey RSA public-key data malformed (input does not begin with
>>>format prefix) "voicesignal.pem"
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: ...could not add conn
>>>"roadwarrior-net"
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: ipsec_auto: fatal error in
>>>"OEself": %defaultroute requested but not known
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: 003 "/etc/ipsec.secrets" line
>>>21: error loading RSA private key file
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: 021 no connection named
>>>"OEself"
>>>Sep 25 20:52:49 Stargate ipsec__plutorun: ...could not route conn
>>>"OEself"
>>>
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Users mailing list
>>>Users_at_lists.freeswan.org
>>>http://lists.freeswan.org/mailman/listinfo/users
>>
>>--
>>======================================================================
>>Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
>>strongSec GmbH phone: +41 76 340 25 56
>>Alter Zürichweg 20 home: http://www.strongsec.com
>>CH-8952 Schlieren (Switzerland)
>>==========================================[strong internet security]==
>>
>>_______________________________________________
>>Users mailing list
>>Users_at_lists.freeswan.org
>>http://lists.freeswan.org/mailman/listinfo/users
>
>
>
-- ====================================================================== Andreas Steffen e-mail: andreas.steffen_at_strongsec.com strongSec GmbH phone: +41 76 340 25 56 Alter Zürichweg 20 home: http://www.strongsec.com CH-8952 Schlieren (Switzerland) ==========================================[strong internet security]== _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Oct 03 2002 - 05:20:21 CEST