[Swan] unable to locate my private key for RSA Signature
Kostya Vasilyev
kman at fastmail.com
Wed Jan 30 18:51:11 UTC 2019
On Wed, Jan 30, 2019, at 8:21 PM, LAURIA Giuseppe wrote:
> Hi all.
>
> We are using libreswan between two different RedHat Servers and want
> to do host-to-host transport tunnel encryption to port 8080.
>
> Left: RHEL 7.6 ( SELinux set to Permissive ) libreswan version: libreswan-3.25-2.el7.x86_64
>
> Right: RHEL 6.10
> Libreswan version : libreswan-3.15-7.5.el6_9.x86_64
>
>
> I initialized NSS DB
> ipsec initnss
>
> I created two new keys on each box
> ipsec newhostkey
>
> listed the rsa key on both boxes:
> eg. ipsec showhostkey --left --rsaid AwEAAavAZ
>
>
> configured a connection:
> conn lagu_tunnel
> leftid=@west
> left=<left-IP>
> leftrsasigkey=0sAw…….j6Og/7E=
> rightid=@east
> right=<right-IP>
> rightprotoport=tcp/8080
> rightrsasigkey=0sAQ……m0dfg7pH
>
> #auto=start
> authby=rsasig
> type=transport
>
>
> I'm able to add the connection on left side. Then up-ing the
> connection on left side.
> Then adding the connection on right side, soon after errors pop up on
> left side
> [...]
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> [...]
>
> Best regards.
> Giuseppe Lauria
> Email had 1 attachment:
> * lagu-tunnel.txt
> 365k (text/plain)
Have you seen this?
https://lists.libreswan.org/pipermail/swan/2018/002496.html
And since you're mixing different OS and libreswan versions - if you
click through "Next message" in that thread, there are some version
specific notes at the end.
-- K