Re: [Users] no RSA public key found

From: martin f krafft (madduck_at_madduck.net)
Date: Wed Oct 30 2002 - 11:03:44 CET


thus spoke Andreas Steffen <andreas.steffen_at_strongsec.net> [2002.10.30.1031 +0100]:
> You take the private key file myKey.pem and store it in the directory
> /etc/ipsec.d/private. The private key is loaded via ipsec.secrets with
> the statement
>
> : RSA myKey.pem "<optional 3DES password>"

Okay, done.

> The public X.509 certificate myCert.pem is stored by default in
> /etc/ipsec.d (in version 1.0 of the X.509 patch this has changed to
> /etc/ipsec.d/certs) or you can give any relative or absolute path.
> The certificate is loaded via ipsec.conf with the statement
>
> leftcert=myCert.pem

Done. I put it in the certs subdirectory straight.

> After Pluto has started up, the command
>
> ipsec auto --listcerts
>
> should list some important parameters of myCert.pem and if myKey.pem
> has been loaded successfully, the comment "..., has private key"
> should be present.

All this is proper:

  000
  000 List of User/Host Certificates:
  000
  000 Oct 30 10:54:15 2002, count: 1
  000 subject: 'C=CH, ST=ZH, L=Zurich, O=madduck.net, CN=fishbowl.dyn.madduck.net'
  000 issuer: 'C=DE, ST=Bavaria, L=Munich, O=madduck.net, CN=madduck.net CA, E=ca_at_madduck.net'
  000 pubkey: 2048 RSA Key AwEAAbpGz, has private key
                                               ^^^^^^^^^^^^^^^
  000 validity: not before Oct 23 01:08:46 2002 ok
  000 not after Oct 23 01:08:46 2003 ok

and similar on the other side.

Still, it is not working. Now both sides report (with the left side
mentioning albatros (right) in the first line, and the right side
mentioning fishbowl (left) in the first line, and the IP in the log on
the right is that of the left side):

  "gate-albatros" #5: no suitable connection for peer
    'C=CH, ST=ZH, L=Zurich, O=madduck.net, CN=albatros.dyn.madduck.net'
  "gate-albatros" #5: sending notification INVALID_ID_INFORMATION
    to 217.162.173.237:500

I am sorry if I am being such a pain, but I really really appreciate
your help. I have to get this VPN working by tomorrow or else I'll
have some other problems.

Do let me assure you that if I get it working, then it's downhill from
there as I will learn more and more about FreeS/WAN and start helping
out on the mailing list.

Or if I can ever help someone with Debian or Check Point VPN-1/FW-1
please let me know!

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net_at_madduck
 
"the possession of truth is not terrible,
 but boring, like every possession."
                                                 - friedrich nietzsche
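
Added example, not part of the original message and not FreeS/WAN code: a shell check for the step quoted above, confirming from `ipsec auto --listcerts` output that a certificate is listed with "has private key" and that both validity lines end in "ok". The function names and status words are assumptions made for this illustration, and any validity result other than "ok" is simply flagged for review.

```shell
#!/bin/sh
# Added example (not from the original thread): verify from
# `ipsec auto --listcerts` output that Pluto loaded the private key for a cert.

# Sample input copied from the listing quoted in the message above.
sample_listcerts() {
cat <<'EOF'
000
000 List of User/Host Certificates:
000
000 Oct 30 10:54:15 2002, count: 1
000 subject: 'C=CH, ST=ZH, L=Zurich, O=madduck.net, CN=fishbowl.dyn.madduck.net'
000 issuer: 'C=DE, ST=Bavaria, L=Munich, O=madduck.net, CN=madduck.net CA, E=ca_at_madduck.net'
000 pubkey: 2048 RSA Key AwEAAbpGz, has private key
000 validity: not before Oct 23 01:08:46 2002 ok
000 not after Oct 23 01:08:46 2003 ok
EOF
}

# check_listcerts CN: reads a listing on stdin, prints one status word, returns
#   0 ok              1 no-cert
#   2 no-private-key  3 check-validity
# (hypothetical helper; the status words are not Pluto output)
check_listcerts() {
    awk -v cn="$1" '
        /subject:/ {
            # A new entry starts; track it only if its subject CN matches exactly.
            in_cert = (index($0, "CN=" cn "\047") || index($0, "CN=" cn ","))
            if (in_cert) found = 1
            next
        }
        in_cert && /pubkey:/    { key = ($0 ~ /has private key/) }
        in_cert && /not before/ { nb = ($NF == "ok") }
        in_cert && /not after/  { na = ($NF == "ok") }
        END {
            if (!found)      { print "no-cert";        exit 1 }
            if (!key)        { print "no-private-key"; exit 2 }
            if (!(nb && na)) { print "check-validity"; exit 3 }
            print "ok"
        }
    '
}

# On a gateway: ipsec auto --listcerts | check_listcerts fishbowl.dyn.madduck.net
```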
