[Users] Freeswan and Cisco using RSA signatures auth.

From: Michal Gust (m.gust_at_sh.cvut.cz)
Date: Tue Oct 29 2002 - 15:18:33 CET


Hi,

I read in some post that it should work, but I still have problems with RSA
keys. I use FreeSwan 1.98b and the latest Cisco 3DES IOS 12.2.11T1. I have a
configuration which works fine with pre-shared keys, but if I generate
keys and try authentication using rsa-sig, the authentication process
doesn't pass.

I got the public key from the Cisco router and pasted it into /etc/ipsec.conf
in the form "rightrsasigkey=0x30819F300D06092A864886F70D01....". I got the
pubkey from /etc/ipsec.secrets, decoded the base64 encoding and made a HEX
dump similar to the Cisco form using the hexdump -e '" " 8/4 "%08X " "\n"'
command, and put it into the Cisco router configuration:

crypto key pubkey-chain rsa
  addressed-key 192.168.18.12
   address 192.168.18.12
   key-string
    6D7C0301 A36F3F2F CEB91F53 0BE6E2B9 ......

If I try to make a connection from Cisco to FreeSwan, the error message "an RSA
Sig check failure SIG length does not match public key length with
*MIIBIjANB [preloaded key]" appears in debug mode on Linux, and in the
other direction a message like unable to decrypt something using public
RSA key appears on Cisco.

Can anybody help me solve this problem?

Michal Gust.
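
Added example, not part of the original post and not FreeS/WAN or Cisco code: a Python converter between the two public-key encodings the post is moving between. It assumes the FreeS/WAN key is in the RFC 2537 layout (exponent length, exponent, modulus) and the Cisco key-string is the hex of a DER SubjectPublicKeyInfo, which matches the 0x30819F300D06092A864886F70D01 prefix quoted above; the function names and the sample key are constructed for illustration.

```python
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL
def der_tlv(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_uint(raw):
    """Unsigned big-endian bytes -> DER INTEGER (zero-pad if high bit set)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    return der_tlv(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)

def read_tlv(buf, pos, tag):
    """Return (content, next_pos) of the DER element with this tag at pos."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    first, pos = buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low bits give the number of length octets
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + first], pos + first

def rfc2537_to_spki(blob):
    """RFC 2537 key (exp length, exponent, modulus) -> DER SubjectPublicKeyInfo."""
    elen, off = (blob[0], 1) if blob[0] else (int.from_bytes(blob[1:3], "big"), 3)
    e, n = blob[off:off + elen], blob[off + elen:]
    rsa_pub = der_tlv(0x30, der_uint(n) + der_uint(e))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_pub))

def spki_to_rfc2537(der):
    """DER SubjectPublicKeyInfo -> RFC 2537 key bytes."""
    spki, _ = read_tlv(der, 0, 0x30)
    alg, pos = read_tlv(spki, 0, 0x30)
    if alg != RSA_ALG_ID[2:]:
        raise ValueError("not an rsaEncryption key")
    bits, _ = read_tlv(spki, pos, 0x03)
    seq, _ = read_tlv(bits[1:], 0, 0x30)  # skip the unused-bits octet
    n, pos = read_tlv(seq, 0, 0x02)
    e = read_tlv(seq, pos, 0x02)[0].lstrip(b"\x00")
    elen = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return elen + e + n.lstrip(b"\x00")

def cisco_key_string(der):
    """Hex in byte-stream order, eight 4-byte groups per line."""
    w = [der[i:i + 4].hex().upper() for i in range(0, len(der), 4)]
    return "\n".join(" ".join(w[i:i + 8]) for i in range(0, len(w), 8))

SAMPLE = b"\x03\x01\x00\x01\xc1" + bytes(range(1, 128))  # constructed, not a real key
```

On a little-endian host, hexdump's 8/4 "%08X" format prints each 4-byte group as a host-order integer, whereas cisco_key_string keeps the bytes in stream order.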






This archive was generated by hypermail 2.1.5 : Wed Oct 30 2002 - 05:20:34 CET