You must define connection address and key in ipsec.secrets.
-- Eero
2016-04-01 19:38 GMT+03:00 Glenn Pierce glennpierce@gmail.com:
Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
I don't think I am doing anything special.
At the point where there is some communication going on
Getting this error
packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** :1024: initial Main Mode message received on ****:500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
The errors are so vague. Not sure what the problem is now
My conf
conn tunnel #phase2alg=aes256-sha1;modp1024 keyexchange=ike #ike=aes256-sha1;modp1024 left=192.168.1.122 leftnexthop=81.129.247.152 # My ISP assigned external ip adresss (I am testing at home)
leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== right=89.200.134.211
rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== authby=secret|rsasig # load and initiate automatically auto=start
conn site1 also=tunnel leftsubnet=10.0.128.0/22 rightsubnet=192.168.1.222/32
conn site2 also=tunnel
On 1 April 2016 at 15:58, Eero Volotinen eero.volotinen@iki.fi wrote:
So you are using pkcs12 on centos:
https://www.sslshopper.com/article-most-common-openssl-commands.html
Eero
2016-04-01 17:44 GMT+03:00 Glenn Pierce glennpierce@gmail.com:
Sorry but I have looked for over two days. Trying every command I could find.
There is obviously a misunderstanding somewhere.
After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output
/etc/ipsec.d/my.secrets
I exported to a file with ipsec showhostkey --ipseckey > file
The man pages says ipsec showhostkey outputs in ipsec.conf(5) format,
Ie
***.server.net. IN IPSECKEY 10 0 2 .
AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
is this the format openssl is meant to beable to convert ? or is the an intermediate step I am missing as like I said not command I found seems to work.
On 1 April 2016 at 14:35, Eero Volotinen eero.volotinen@iki.fi wrote:
It works, try googling for openssl pem conversion 1.4.2016 4.32 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
On 1 April 2016 at 13:59, Eero Volotinen eero.volotinen@iki.fi
wrote:
You can do any kind of format conversions with openssl commandline
client.
Eero 1.4.2016 3.56 ip. "Glenn Pierce" glennpierce@gmail.com
kirjoitti:
> Hi I am trying to setup a libreswan vpn between centos 7 and a
Mikrotik
> router. > > I am try to get the keys working. My problem is the Mikrotik
router
> wants the key in PEM format > > How do I export the keys generated with ipsec newhostkey > into PEM format ? > > > Thanks > _______________________________________________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos