[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipsec
Subject:    [Users] pb with vpn freeswan - pgpnet
From:       "Gertrude Papillon" <gpap () ifrance ! com>
Date:       2001-05-31 11:56:16
[Download RAW message or body]

Hi
I'm trying to make a VPN with PGPnet 7.04 and freeswan-snap2001may16b.

It works with preshare key but not with X509 certificate.

The problem is perhaps that I'm not sure if I know how to generate this key
Here how I make them :
openssl x509 -in newca.pem -days 1024 -out cacert.pem -signkey
private/cakey.pem
CA.sh -newreq
CA.SH -sign
openssl pkcs12 -export -in newreq.pem -out newcert.p12

to obtain the rsasigkey : fswcert -c xxx.pem

***/etc/ipsec.conf
conn gw-rw
        left=194.242.172.51
        leftnexthop=194.242.172.31
        leftsubnet=172.28.0.0/8

leftrsasigkey=0x03010001C3592DF2BF2B8F2999F2BF9C189DBDCA4331AF6532C58215
18F0C472EBAE78E8A0B419588683794097DFC06CDCFE3DBB7A0A9693C22ED16161C765F473C8
966C
F124B83BA6F4211BB051F1864109A154E2776031927FF4E9279E32C79029B5D854AAD45559D5
8020
6F249DE109FE26A9BCA9E6E374B462F90FFD3A3064780DCB

rightrsasigkey=0x03010001AEF6634EA456B18337D5FC546012F596F7B5BC78D4A9200
8DE35E3D113BC003A920BED68C15AF33DFE52ECF52FC2AFC6F87F5F8DC2FB6C119EA34E13E17
4310
1109DAA282114F6F87BB6FC2EFA014DA053716110BE0918363920D33949A6F248C3B412241DF
B2C7
6985CFE535A5B9B5BA4B2A4366119C14EF00432F062239A4F
        right=0.0.0.0
        auto=add


***/etc/ipsec.secrets
: rsa {
        Modulus:
0xC3592DF2BF2B8F2999F2BF9C189DBDCA4331AF6532C5821518F0C472EBAE7
8E8A0B419588683794097DFC06CDCFE3DBB7A0A9693C22ED16161C765F473C8966CF124B83BA
6F42
11BB051F1864109A154E2776031927FF4E9279E32C79029B5D854AAD45559D580206F249DE10
9FE2
6A9BCA9E6E374B462F90FFD3A3064780DCB
        PublicExponent: 0x010001
        PrivateExponent:
0x91F15454A0E22828CA6D031DD97E2FC6A680BE2AFACD782BCEE04
1C421B3CD7CEE62DEF4B63A0F2264D4B36C21868814424F1AC3F535091499FA607F4AE937078
7CA5
70BF714B791913DAA43FB5E3DE7D5EB02B56003C6C1771433C04D07CA4448A724798C3341B16
D606
E75B6E63914E32C346865383A6C682359AEC423CAB1
        Prime1:
0xFFE28EBF95E10B28218B567AFC6158914FE294FBF1A39D60B12A2931ED7AC3
ECECC24E9636E17FA0D71908E402877DFD60C71193CE97528D400F81D573511B95
        Prime2:
0xC36FA80E3EE4D9FFD9DC997782ED9BAAD7AD6008632061D656676EABAA1B80
F3840A75D3CBD4B7034B9D783DB855C57CB9BE41ACC01341DBE36C0039E8B32BDF
        Exponent1:
0x9F430D81E4F13A9671BA5DCB12462C6FD4FEBBA7CC0FFFA5ECDEC6E1126
3F48A041A33FB7E90FF74C62C08C291686F5C42DDE3ECD10A9210E42C42ACEDA72FB9
        Exponent2:
0x8B4EBCD122BDC832DA9DA77B0C05C8CF779B6AF7AF88F6946CD49F8B97D
EB10563DA7CF0B2BB7694CFC278622E525D4A31B04F6A0F23EAEF0D65FFA7479AE7AB
        Coefficient:
0x540FB6559E00522DECEA5C68FEB65DE5D85A59E7DA9F2E5EDD23913F6
28D25E4611CEC1BBCC6A9E5DBD0E3943F930F87442DD20CA2BCF78E2641264BE63AA572
        }

here is my logs
May 31 11:02:31 vpn Pluto[4772]: Starting Pluto (FreeS/WAN Version
snap2001may16
b)
May 31 11:02:32 vpn Pluto[4772]: added connection description "gw-rw"
May 31 11:02:32 vpn Pluto[4772]: listening for IKE messages
May 31 11:02:32 vpn Pluto[4772]: adding interface ipsec0/eth0 194.242.172.51
May 31 11:02:32 vpn Pluto[4772]: loading secrets from "/etc/ipsec.secrets"
May 31 11:04:03 vpn Pluto[4772]: packet from 164.138.43.192:500: ignoring
Vendor
 ID payload
May 31 11:04:03 vpn Pluto[4772]: "gw-rw" #1: responding to Main Mode from
unknow
n peer 164.138.43.192
May 31 11:04:04 vpn Pluto[4772]: "gw-rw" #1: message ignored because it
contains
 an payload type (ISAKMP_NEXT_CR) unexpected in this message
May 31 11:04:18 vpn last message repeated 3 times
May 31 11:05:13 vpn Pluto[4772]: "gw-rw" #1: max number of retransmissions
(2) r
eached STATE_MAIN_R2

Do you see where is the problem .

regards





 
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif


_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic