<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
</head>
<body><div>On Wed, Jan 30, 2019, at 8:21 PM, LAURIA Giuseppe wrote:<br></div>
<blockquote type="cite"><div><p style="margin: 0cm 0cm 0.0001pt;">Hi all.</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">We are using libreswan between two different RedHat Servers and want to do host-to-host transport tunnel encryption to port 8080.</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">Left: RHEL 7.6 ( SELinux set to Permissive )<br> libreswan version: libreswan-3.25-2.el7.x86_64</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">Right: RHEL 6.10</p>
<p style="margin: 0cm 0cm 0.0001pt;">Libreswan version : libreswan-3.15-7.5.el6_9.x86_64</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">I initialized NSS DB</p>
<p style="margin: 0cm 0cm 0.0001pt;">ipsec initnss</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">I created two new keys on each box</p>
<p style="margin: 0cm 0cm 0.0001pt;">ipsec newhostkey</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">listed the rsa key on both boxes:</p>
<p style="margin: 0cm 0cm 0.0001pt;">eg. ipsec showhostkey --left --rsaid AwEAAavAZ</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">configured a connection:</p>
<p style="margin: 0cm 0cm 0.0001pt;">conn lagu_tunnel</p>
<p style="margin: 0cm 0cm 0.0001pt;">        leftid=@west</p>
<p style="margin: 0cm 0cm 0.0001pt;">        left=&lt;left-IP&gt;</p>
<p style="margin: 0cm 0cm 0.0001pt;">        leftrsasigkey=0sAw…….j6Og/7E=</p>
<p style="margin: 0cm 0cm 0.0001pt;">        rightid=@east</p>
<p style="margin: 0cm 0cm 0.0001pt;">        right=&lt;right-IP&gt;</p>
<p style="margin: 0cm 0cm 0.0001pt;">        rightprotoport=tcp/8080</p>
<p style="margin: 0cm 0cm 0.0001pt;">        rightrsasigkey=0sAQ……m0dfg7pH</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">        #auto=start</p>
<p style="margin: 0cm 0cm 0.0001pt;">        authby=rsasig</p>
<p style="margin: 0cm 0cm 0.0001pt;">        type=transport</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">I'm able to add the connection on left side.<br> Then up-ing the connection on left side.</p>
<p style="margin: 0cm 0cm 0.0001pt;">Then adding the connection on right side, soon after errors pop up on left side</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">[...]</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;">003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature</p>
<p style="margin: 0cm 0cm 0.0001pt;">224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED</p>
<p style="margin: 0cm 0cm 0.0001pt;">002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to &lt;right-IP&gt;:500</p>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<div>[...]</div>
<p style="margin: 0cm 0cm 0.0001pt;"><br></p>
<p style="margin: 0cm 0cm 0.0001pt;">Best regards.</p>
<p style="margin: 0cm 0cm 0.0001pt;">Giuseppe Lauria</p></div>
<p>Email had 1 attachment:<br></p><ul><li><div><code>lagu-tunnel.txt</code><br></div>
<div>  365k (text/plain)<br></div>
</li></ul></blockquote><div><br></div>
<div>Have you seen this?<br></div>
<div><br></div>
<div><a href="https://lists.libreswan.org/pipermail/swan/2018/002496.html">https://lists.libreswan.org/pipermail/swan/2018/002496.html</a><br></div>
<div><br></div>
<div>And since you're mixing different OS and libreswan versions - if you click through "Next message" in that thread, there are some version specific notes at the end.<br></div>
<div><br></div>
<div>-- K<br></div>
<div><br></div>
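<div>Added example (not part of the thread, and not libreswan code): a Python check for a conn section like the one quoted above. It decodes each <code>0s</code> base64 <code>rsasigkey</code> value in the RFC 3110 layout and compares its key id with the id each host reports for its own key. Assumptions: the id printed by <code>ipsec showhostkey</code> is the first 9 base64 characters of the key blob (as <code>AwEAAavAZ</code> in the post suggests), and every key value and the mismatch scenario below are constructed.</div>

```python
import base64
import hashlib

def decode_rsasigkey(value):
    """Decode a '0s'-prefixed base64 RSA public key laid out as in RFC 3110."""
    if not value.startswith("0s"):
        raise ValueError("expected the 0s (base64) prefix")
    b64 = value[2:]
    blob = base64.b64decode(b64, validate=True)
    # RFC 3110: one exponent-length byte, or 0x00 followed by a two-byte length.
    if blob[:1] == b"\x00":
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    else:
        elen, off = (blob[0] if blob else 0), 1
    exponent, modulus = blob[off:off + elen], blob[off + elen:]
    if elen == 0 or len(exponent) != elen or not modulus:
        raise ValueError("truncated key blob")
    return {"exponent": int.from_bytes(exponent, "big"),
            "bits": int.from_bytes(modulus, "big").bit_length(),
            "keyid": b64[:9]}  # assumption: key id = first 9 base64 characters

def parse_conn(text, name):
    """Return the key=value options of one conn section, skipping comments."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():               # an unindented line starts a new section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, _, val = line.partition("=")  # first '=' only: base64 padding uses '='
            opts[key.strip()] = val.strip()
    return opts

def check_conn(opts, host_keyids):
    """Per side: does <side>rsasigkey carry the key id that host reports itself?"""
    return {side: decode_rsasigkey(opts[side + "rsasigkey"])["keyid"] == host_keyids[side]
            for side in ("left", "right")}

def constructed_key(exponent, seed):
    """Build a syntactically valid sample value; it is not a real RSA key."""
    modulus = bytearray(hashlib.sha256(seed).digest() * 8)   # 256 bytes
    modulus[0] |= 0x80                                       # force 2048 bits
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    return "0s" + base64.b64encode(bytes([len(e)]) + e + bytes(modulus)).decode()

WEST, EAST_OLD, EAST_NEW = (constructed_key(e, s) for e, s in
                            ((65537, b"west"), (3, b"east-old"), (3, b"east-new")))
SAMPLE_CONF = f"""conn lagu_tunnel
        leftrsasigkey={WEST}
        rightprotoport=tcp/8080
        rightrsasigkey={EAST_OLD}
        #auto=start
        type=transport
"""
# Constructed scenario: east's host key was regenerated after the conn was written.
REPORTED = {"left": WEST[2:11], "right": EAST_NEW[2:11]}
RESULT = check_conn(parse_conn(SAMPLE_CONF, "lagu_tunnel"), REPORTED)
```

<div>In the constructed scenario <code>RESULT</code> flags the right side, because the key in the conn section is no longer the one that host holds.</div>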
</body>
</html>