From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Oct 17 2002 - 21:23:33 CEST
On Wed, 16 Oct 2002, Martin A. Brooks wrote:
> I've been setting up a new installation of freeswan. I set up both sides of
> the tunnel and tried to bring it up. When I did so I received the error
> message "unable to locate my private key for RSA Signature". Searching the
> lists, this indicates that I've somehow borked ipsec.secrets - so I deleted
> it and recreated it like this...
>
> cd /etc
> rm ipsec.secrets
> ipsec newhostkey --output ipsec.secrets --bits 1024
>
> And I then extracted the public keys with
>
> ipsec showhostkey --left
> ipsec showhostkey --right
>
> and placed these values in the appropriate places and repeated on the
> second machine.
ipsec showhostkey --left and --right shouldn't be run on the same machine, of
course.
Your best bet when producing a config: declare one side to be left, and one
side to be right. (Remember, left and right are arbitrary.) Produce a config
using those IPs. Run showhostkey --left on the left machine, and vice versa.
Append the output to the config, as you have done, and copy it to both
machines.
> conn clues-fast
*snip*
> conn fast-clues
Draw a network diagram, because you're using real IPs on one side, but NAT'ted
ones on another. I'm wondering why this is necessary, or if you're making
things
What's with the ids, too? Given your setup - RSA keys with known IPs - it
shouldn't be needed for any reason.
--
Sam Sgro
sam_at_freeswan.org
This archive was generated by hypermail 2.1.5 : Fri Oct 18 2002 - 05:20:28 CEST
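
Added example, not part of the original message and not FreeS/WAN's own code: a small Python check for the mistake discussed above, where showhostkey --left and --right are both run on one machine and a conn ends up with the same public key on both sides. The config text, IP addresses and key strings are constructed, and the parser is a simplification that handles only plain conn sections, assumed to end at a blank line.

```python
import re

# Constructed sample: in clues-fast both keys came from the same host, as
# happens when "showhostkey --left" and "--right" are run on one machine.
SAMPLE_CONF = """\
conn clues-fast
    left=192.0.2.1
    leftrsasigkey=0sAQOexampleKEYaaaa
    right=198.51.100.7
    rightrsasigkey=0sAQOexampleKEYaaaa

conn fast-clues
    left=192.0.2.1
    leftrsasigkey=0sAQOexampleKEYaaaa
    right=198.51.100.7
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # comment line
        if not line:
            current = None  # assumption: a blank line ends the section
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m and not raw[0].isspace():
            current = conns.setdefault(m.group(1), {})
        elif current is not None and raw[0].isspace() and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_config(text):
    """List conns whose RSA public keys are unset or identical on both sides."""
    problems = []
    for name, params in parse_conns(text).items():
        left, right = params.get("leftrsasigkey"), params.get("rightrsasigkey")
        for side, key in (("left", left), ("right", right)):
            if not key:
                problems.append(f"{name}: {side}rsasigkey is not set")
        if left and left == right:
            problems.append(f"{name}: leftrsasigkey and rightrsasigkey are identical")
    return problems

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE_CONF)))
```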