I did :)
I'm all for an easy life.
I got a very similar error
instead of but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
I got
but no connection has been authorized with policy PSK+IKEV1_ALLOW
I did read somewhere though errors are red herrings which is helpful.
Thanks
On
IPSec is very complex with certificates. Try first with PSK authentication
and then with certificates
--
Eero
2016-04-01 20:21 GMT+03:00 Glenn Pierce :
> I generated according to the docs. Which produced
> my server.secrets as below
>
> used the command
>
> ipsec
I generated according to the docs. Which produced
my server.secrets as below
used the command
ipsec newhostkey --configdir /etc/ipsec.d --output
/etc/ipsec.d/www.example.com.secrets
: RSA {
# RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
# for signatures only,
You must define connection address and key in ipsec.secrets.
--
Eero
2016-04-01 19:38 GMT+03:00 Glenn Pierce :
> Just trying to follow the instructions here
>
>
Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
I don't think I am doing anything special.
At the point where there is some communication going on
Getting this
I just removed the name. I will be regenerating again.
To be honest, if an attacker were to get this to work I would buy them a drink :)
On 1 April 2016 at 17:01, Gordon Messmer wrote:
> On 04/01/2016 07:44 AM, Glenn Pierce wrote:
>>
>> Ie
>> ***.server.net.INIPSECKEY
On 04/01/2016 07:44 AM, Glenn Pierce wrote:
Ie
***.server.net.INIPSECKEY 10 0 2 .
Was that a key that you generated as an example, or your actual VPN
key? The fact that you obscured part of it makes me think it might be
the latter, but if that's the case, you really should generate
Typical, I think I just did it.
I downloaded a perl script to do it at
https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl
First I did
ipsec showhostkey --right > right.pub
I then edited the file to remove the ipsec key = line
Then I converted with
perl
So you are using pkcs12 on centos:
https://www.sslshopper.com/article-most-common-openssl-commands.html
--
Eero
2016-04-01 17:44 GMT+03:00 Glenn Pierce :
> Sorry but I have looked for over two days. Trying every command I could
> find.
>
> There is obviously a
Sorry but I have looked for over two days. Trying every command I could find.
There is obviously a misunderstanding somewhere.
After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
I exported to a file with
ipsec showhostkey --ipseckey >
It works, try googling for openssl pem conversion
On 1.4.2016 at 4.32 PM, "Glenn Pierce" wrote:
> I have tried
> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>
> I get
> unable to load Private Key
> 140372295030648:error:0906D06C:PEM
I have tried
openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
I get
unable to load Private Key
140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
On 1 April 2016 at 13:59, Eero Volotinen
You can do any kind of format conversions with openssl commandline client.
Eero
On 1.4.2016 at 3.56 PM, "Glenn Pierce" wrote:
> Hi, I am trying to set up a libreswan vpn between centos 7 and a Mikrotik
> router.
>
> I am trying to get the keys working. My problem is the Mikrotik