[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ipsec
Subject: [Users] pb with vpn freeswan - pgpnet
From: "Gertrude Papillon" <gpap () ifrance ! com>
Date: 2001-05-31 11:56:16
[Download RAW message or body]
Hi
I'm trying to make a VPN with PGPnet 7.04 and freeswan-snap2001may16b.
It works with preshare key but not with X509 certificate.
The problem is perhaps that I'm not sure if I know how to generate this key
Here how I make them :
openssl x509 -in newca.pem -days 1024 -out cacert.pem -signkey
private/cakey.pem
CA.sh -newreq
CA.SH -sign
openssl pkcs12 -export -in newreq.pem -out newcert.p12
to obtain the rsasigkey : fswcert -c xxx.pem
***/etc/ipsec.conf
conn gw-rw
left=194.242.172.51
leftnexthop=194.242.172.31
leftsubnet=172.28.0.0/8
leftrsasigkey=0x03010001C3592DF2BF2B8F2999F2BF9C189DBDCA4331AF6532C58215
18F0C472EBAE78E8A0B419588683794097DFC06CDCFE3DBB7A0A9693C22ED16161C765F473C8
966C
F124B83BA6F4211BB051F1864109A154E2776031927FF4E9279E32C79029B5D854AAD45559D5
8020
6F249DE109FE26A9BCA9E6E374B462F90FFD3A3064780DCB
rightrsasigkey=0x03010001AEF6634EA456B18337D5FC546012F596F7B5BC78D4A9200
8DE35E3D113BC003A920BED68C15AF33DFE52ECF52FC2AFC6F87F5F8DC2FB6C119EA34E13E17
4310
1109DAA282114F6F87BB6FC2EFA014DA053716110BE0918363920D33949A6F248C3B412241DF
B2C7
6985CFE535A5B9B5BA4B2A4366119C14EF00432F062239A4F
right=0.0.0.0
auto=add
***/etc/ipsec.secrets
: rsa {
Modulus:
0xC3592DF2BF2B8F2999F2BF9C189DBDCA4331AF6532C5821518F0C472EBAE7
8E8A0B419588683794097DFC06CDCFE3DBB7A0A9693C22ED16161C765F473C8966CF124B83BA
6F42
11BB051F1864109A154E2776031927FF4E9279E32C79029B5D854AAD45559D580206F249DE10
9FE2
6A9BCA9E6E374B462F90FFD3A3064780DCB
PublicExponent: 0x010001
PrivateExponent:
0x91F15454A0E22828CA6D031DD97E2FC6A680BE2AFACD782BCEE04
1C421B3CD7CEE62DEF4B63A0F2264D4B36C21868814424F1AC3F535091499FA607F4AE937078
7CA5
70BF714B791913DAA43FB5E3DE7D5EB02B56003C6C1771433C04D07CA4448A724798C3341B16
D606
E75B6E63914E32C346865383A6C682359AEC423CAB1
Prime1:
0xFFE28EBF95E10B28218B567AFC6158914FE294FBF1A39D60B12A2931ED7AC3
ECECC24E9636E17FA0D71908E402877DFD60C71193CE97528D400F81D573511B95
Prime2:
0xC36FA80E3EE4D9FFD9DC997782ED9BAAD7AD6008632061D656676EABAA1B80
F3840A75D3CBD4B7034B9D783DB855C57CB9BE41ACC01341DBE36C0039E8B32BDF
Exponent1:
0x9F430D81E4F13A9671BA5DCB12462C6FD4FEBBA7CC0FFFA5ECDEC6E1126
3F48A041A33FB7E90FF74C62C08C291686F5C42DDE3ECD10A9210E42C42ACEDA72FB9
Exponent2:
0x8B4EBCD122BDC832DA9DA77B0C05C8CF779B6AF7AF88F6946CD49F8B97D
EB10563DA7CF0B2BB7694CFC278622E525D4A31B04F6A0F23EAEF0D65FFA7479AE7AB
Coefficient:
0x540FB6559E00522DECEA5C68FEB65DE5D85A59E7DA9F2E5EDD23913F6
28D25E4611CEC1BBCC6A9E5DBD0E3943F930F87442DD20CA2BCF78E2641264BE63AA572
}
here is my logs
May 31 11:02:31 vpn Pluto[4772]: Starting Pluto (FreeS/WAN Version
snap2001may16
b)
May 31 11:02:32 vpn Pluto[4772]: added connection description "gw-rw"
May 31 11:02:32 vpn Pluto[4772]: listening for IKE messages
May 31 11:02:32 vpn Pluto[4772]: adding interface ipsec0/eth0 194.242.172.51
May 31 11:02:32 vpn Pluto[4772]: loading secrets from "/etc/ipsec.secrets"
May 31 11:04:03 vpn Pluto[4772]: packet from 164.138.43.192:500: ignoring
Vendor
ID payload
May 31 11:04:03 vpn Pluto[4772]: "gw-rw" #1: responding to Main Mode from
unknow
n peer 164.138.43.192
May 31 11:04:04 vpn Pluto[4772]: "gw-rw" #1: message ignored because it
contains
an payload type (ISAKMP_NEXT_CR) unexpected in this message
May 31 11:04:18 vpn last message repeated 3 times
May 31 11:05:13 vpn Pluto[4772]: "gw-rw" #1: max number of retransmissions
(2) r
eached STATE_MAIN_R2
Do you see where is the problem .
regards
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic