Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
I did :) I'm all for an easy life. I got a very similar error: instead of "but no connection has been authorized with policy RSASIG+IKEV1_ALLOW" I got "but no connection has been authorized with policy PSK+IKEV1_ALLOW". I did read somewhere though errors are red herrings which is helpful. Thanks On

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Eero Volotinen
IPSec is very complex with certificates. Try first with PSK authentication and then with certificates -- Eero 2016-04-01 20:21 GMT+03:00 Glenn Pierce : > I generated according to the docs . Which produced > my server.secrets as below > > used the command > > ipsec

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only,

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Eero Volotinen
You must define connection address and key in ipsec.secrets. -- Eero 2016-04-01 19:38 GMT+03:00 Glenn Pierce : > Just trying to follow the instructions here > >

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
I just removed the name. I will be regenerating again. To be honest if an attacker were to get this to work I would buy them a drink :) On 1 April 2016 at 17:01, Gordon Messmer wrote: > On 04/01/2016 07:44 AM, Glenn Pierce wrote: >> >> Ie >> ***.server.net.INIPSECKEY

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Gordon Messmer
On 04/01/2016 07:44 AM, Glenn Pierce wrote: Ie ***.server.net.INIPSECKEY 10 0 2 . Was that a key that you generated as an example, or your actual VPN key? The fact that you obscured part of it makes me think it might be the latter, but if that's the case, you really should generate

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
Typical, I think I just did it. I downloaded a perl script to do it at https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl First I did ipsec showhostkey --right > right.pub I then edited the file to remove the ipsec key = line Then I converted with perl

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Eero Volotinen
So you are using pkcs12 on centos: https://www.sslshopper.com/article-most-common-openssl-commands.html -- Eero 2016-04-01 17:44 GMT+03:00 Glenn Pierce : > Sorry but I have looked for over two days. Trying every command I could > find. > > There is obviously a

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey >

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Eero Volotinen
It works, try googling for openssl pem conversion 1.4.2016 4.32 PM "Glenn Pierce" wrote: > I have tried > openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem > > I get > unable to load Private Key > 140372295030648:error:0906D06C:PEM

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinen

Re: [CentOS] Libreswan PEM format

2016-04-01 Thread Eero Volotinen
You can do any kind of format conversions with openssl commandline client. Eero 1.4.2016 3.56 PM "Glenn Pierce" wrote: > Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik > router. > > I am trying to get the keys working. My problem is the Mikrotik

[CentOS] Libreswan PEM format

2016-04-01 Thread Glenn Pierce
Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik router. I am trying to get the keys working. My problem is the Mikrotik router wants the key in PEM format. How do I export the keys generated with ipsec newhostkey into PEM format? Thanks
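
Added example (not part of the thread, and not the pubkey-converter.pl script mentioned in it): the public key printed by ipsec showhostkey --right is not PEM but a base64 RFC 3110 blob, so it has to be re-encoded as DER before it can carry a "BEGIN PUBLIC KEY" header. The sketch assumes the value uses libreswan's 0s base64 prefix; the function names and the toy key are made up for illustration, and only the public half is handled.

```python
import base64
import textwrap

# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, value):
    """One DER tag-length-value; lengths of 128+ bytes use the long form."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def der_uint(raw):
    """DER INTEGER for an unsigned big-endian value (padded so it never reads as negative)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    return der_tlv(0x02, b"\x00" + raw if raw[0] & 0x80 else raw)

def parse_rfc3110(blob):
    """Split an RFC 3110 RSA public key into (exponent, modulus) byte strings."""
    if len(blob) < 3:
        raise ValueError("key blob too short")
    long_form = blob[0] == 0  # a leading 0x00 means a 2-byte exponent length follows
    elen, off = (int.from_bytes(blob[1:3], "big"), 3) if long_form else (blob[0], 1)
    exponent, modulus = blob[off:off + elen], blob[off + elen:]
    if elen == 0 or len(exponent) != elen or not modulus:
        raise ValueError("truncated or malformed RFC 3110 key")
    return exponent, modulus

def rfc3110_to_spki_der(blob):
    """Wrap the key as SubjectPublicKeyInfo, the structure inside a PUBLIC KEY PEM."""
    exponent, modulus = parse_rfc3110(blob)
    rsa_public_key = der_tlv(0x30, der_uint(modulus) + der_uint(exponent))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_public_key))

def ipsec_pubkey_to_pem(text):
    """Convert the first non-comment line holding a 0s-prefixed key to PEM."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "0s" not in line:
            continue
        blob = base64.b64decode(line.split("0s", 1)[1], validate=True)
        body = "\n".join(textwrap.wrap(base64.b64encode(rfc3110_to_spki_der(blob)).decode(), 64))
        return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"
    raise ValueError("no 0s-prefixed base64 key found")

# Constructed toy input (128-bit modulus, exponent 3); not a key from the thread.
TOY_MODULUS = bytes.fromhex("c1" + "00" * 14 + "01")
SAMPLE = "rightrsasigkey=0s" + base64.b64encode(b"\x01\x03" + TOY_MODULUS).decode()

if __name__ == "__main__":
    print(ipsec_pubkey_to_pem(SAMPLE), end="")
```

The resulting file can be checked with openssl rsa -pubin -in key.pem -text -noout; the -pubin flag is what tells openssl rsa to expect a public key rather than a private one.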