[Swan] Failure to find our RSA key
Paul Wouters
paul at nohats.ca
Mon Aug 7 21:59:08 EEST 2023
On Fri, 4 Aug 2023, William Atwood wrote:
> I am interested in using Libreswan in a project that requires IPsec tunnels
> between hosts. Eventually, these tunnels will be based on certificates, but
> I wanted to understand the "basics" before going to the effort of setting up
> whatever certificate-management infrastructure I will need.
>
> So, I found an example of a simple case in the Wiki, at
> https://libreswan.org/wiki/Host_to_host_VPN. I ran the example on two hosts,
> Lampson and Cherry, each running Ubuntu 20.04.6 LTS.
>
> I installed Libreswan on both hosts, using "sudo apt install libreswan". The
> resulting version string is:
> Linux Libreswan 3.29 (netkey) on 5.15.0-76-generic
>
> I initialized nss, and then used "sudo ipsec newhostkey" to generate RSA
> keypairs on each host. Using the host keys, and appropriate IPv4 addresses,
> I constructed /etc/ipsec.d/LACH.conf on both hosts, making sure that the host
> keys were on a single line in the file.
>
> I ran:
>
> sudo ipsec setup start
> sudo ipsec auto --add mytunnel
> 003 "mytunnel" #1: Failed to find our RSA key
>
> Can anyone suggest to me what is wrong, and how to go about fixing it?

I wonder if this is an error in determining the nss directory used?
Does the output of "sudo ipsec newhostkey" tell you if it generated this
key in /etc/ipsec.d or /var/lib/ipsec/nss/?

Can you run:

    sudo certutil -L -d /var/lib/ipsec/nss/

and:

    sudo ipsec auto --listall

Otherwise, perhaps you ran it multiple times and forgot to update the
.conf file with the new key?

Paul
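
The two possibilities raised in the reply above (the key sitting in a different NSS directory, or the .conf file still carrying an older key), as an added example that is not part of the original message or of Libreswan. The helper names are hypothetical; KEY is assumed to be the host's current public key in the "0s..." form that ipsec showhostkey prints, and key4.db / key3.db are the standard NSS key database file names.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not Libreswan tooling.

# nss_db_present DIR: true if DIR holds an NSS key database
# (key4.db = sql format, key3.db = legacy dbm format).
nss_db_present() {
    [ -f "$1/key4.db" ] || [ -f "$1/key3.db" ]
}

# conf_sigkeys FILE: print each leftrsasigkey=/rightrsasigkey= value.
# Only text on the keyword's own line is read, so a key wrapped over
# several lines comes out truncated and will not match.
conf_sigkeys() {
    awk '/^[ \t]*(left|right)rsasigkey[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print
         }' "$1"
}

# conf_has_key FILE KEY: true if FILE configures exactly KEY on either end.
conf_has_key() {
    conf_sigkeys "$1" | grep -Fxq -- "$2"
}

# report FILE KEY DIR...: say which DIRs hold an NSS database and
# whether FILE still carries the current host key.
report() {
    conf=$1; key=$2; shift 2
    for d in "$@"; do
        if nss_db_present "$d"; then echo "NSS database found in $d"
        else echo "no NSS database in $d"; fi
    done
    if conf_has_key "$conf" "$key"; then
        echo "$conf contains the current host key"
    else
        echo "$conf does NOT contain the current host key (stale or wrapped?)"
    fi
}

# Usage: sh check.sh CONF KEY [NSSDIR...]
if [ "$#" -ge 2 ]; then report "$@"; fi
```

An NSS database present in both directories means the key may have been generated in one while pluto reads the other; a mismatch in the second check points at a regenerated key or a key broken across lines.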