[Swan] unable to locate my private key for RSA Signature

Kostya Vasilyev kman at fastmail.com
Wed Jan 30 18:51:11 UTC 2019


On Wed, Jan 30, 2019, at 8:21 PM, LAURIA Giuseppe wrote:
> Hi all.
>
> We are using libreswan between two different RedHat Servers and want
> to do host-to-host transport tunnel encryption to port 8080.
>
> Left: RHEL 7.6 ( SELinux set to Permissive ) libreswan version: libreswan-3.25-2.el7.x86_64
>
> Right: RHEL 6.10
> Libreswan version : libreswan-3.15-7.5.el6_9.x86_64
>
> I initialized NSS DB
> ipsec initnss
>
> I created two new keys on each box
> ipsec newhostkey
>
> listed the rsa key on both boxes:
> eg. ipsec showhostkey --left --rsaid AwEAAavAZ
>
> configured a connection:
> conn lagu_tunnel
>         leftid=@west
>         left=<left-IP>
>         leftrsasigkey=0sAw…….j6Og/7E=
>         rightid=@east
>         right=<right-IP>
>         rightprotoport=tcp/8080
>         rightrsasigkey=0sAQ……m0dfg7pH
>
>         #auto=start
>         authby=rsasig
>         type=transport
>
> I'm able to add the connection on left side. Then up-ing the
> connection on left side.
> Then adding the connection on right side, soon after errors pop up on
> left side
>
> [...]
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> [...]
>
> Best regards.
> Giuseppe Lauria
>
> Email had 1 attachment:
>  * lagu-tunnel.txt
>   365k (text/plain)

Have you seen this?

https://lists.libreswan.org/pipermail/swan/2018/002496.html

And since you're mixing different OS and libreswan versions - if you
click through "Next message" in that thread, there are some version
specific notes at the end.
-- K
