Hello,
you might be surprised to see 4.6.0 followed by 4.6.1 after only
a couple of days. Unfortunately testing on the latest Ubuntu 11.10
platform showed that the charon daemon did not load the libsimaka,
libtls and libtnccs dynamic strongSwan libraries on behalf of the
libcharon plugins
Hi,
I am using strongswan 4.3.6
I have tried generate certificates using strongswan PKI gen tool to generate
RSA certificate.
I am getting below errors.
root@evm1gw:/etc/cert# ipsec pki --gen caKey.der
root@evm1gw:/etc/cert#
root@evm1gw:/etc/cert# ipsec pki --self --in caKey.der --dn
Hi Anand,
If I execute the same commands then the ca cert generation works.
- Verify if openssl rsa -inform der -in caKey.der -noout -text works
Regards
Andreas
On 10.11.2011 14:49, anand rao wrote:
Hi,
I am using strongswan 4.3.6
I have tried generate certificates using strongswan PKI
Hi
It has been quite sometime now since i could followup on the issue
submiited by me, very sorry about the delay in doing so.
I have been facing this issue primarily on a OpenWRT Gateway:
--
BusyBox
Hello Rajiv,
did you add the passphrase which encrypts the private key to
the ipsec.secrets entry?
: RSA /ssl/private/mfcgw1key.pem my passphrase
Regards
Andreas
On 10.11.2011 15:10, Rajiv Kulkarni wrote:
Hi
It has been quite sometime now since i could followup on the issue
submiited by
Hi
Yes offcourse. I did that. You see,
- when i use OpenSSL 1.0.0d-fips 8 Feb 2011 on a Linux-FC13 machine to
generate certs, the default rsa key format is PKCS#8 which i believe
strongswan does not yet support
- if on the other, i use a openwrt-gw with OpenSSL 0.9.8q 2 Dec 2010 and
Linux
Hi Rajiv,
Try adding an empty line between the third and fourth line of your
private key file, like this:
-BEGIN RSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2FC8D750D505E922
D8p/CHn/F5PuiLtSIp9AWfZ9Iig9VQydF7uhCDgJKgOutYGj7PkoufOhFsJ+H7D1
Hello Tobias
I did as adviced and iam getting the following error on ipsec start
--nofork
---
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[LIB] key integrity tests failed
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
00[CFG]
Hi Rajiv,
00[LIB] key integrity tests failed
Seems like the gmp plugin has some issues with your key. It would help
if you could send us an example private key file causing this error.
Regards,
Tobias
___
Users mailing list
Hi Mirko,
I may be wrong, but I don't think it has been truncated.
No you were right, it was the complete log.
At 18:49:25, the route to 192.168.0.2 does exist,
but charon hasn't noticed it.
Well, charon does notice that the interface comes up again. But the
issue here is that the IP
Hello Tobias,
Please find included the sample certs (including the rsa private key files
whose passwd is config123). The attachments are in winrar rar file format.
hope this helps
thanks regards
rajiv
On Thu, Nov 10, 2011 at 10:34 PM, Tobias Brunner tob...@strongswan.orgwrote:
Hi Rajiv,
Hi Rajiv,
When I use
openssl rsa -in mfcgw1key2.pem -check -noout
on my x86_64 machine with OpenSSL 0.9.8o I get
RSA key error: dmp1 not congruent to d
RSA key error: dmq1 not congruent to d
which is also the reason why our libgmp based plugin doesn't like the
keys,
On Thu, Nov 10, 2011 at 06:13:59PM +0100, Tobias Brunner wrote:
At 18:49:25, the route to 192.168.0.2 does exist,
but charon hasn't noticed it.
Well, charon does notice that the interface comes up again. But the
issue here is that the IP address doesn't change. What happens is that
I compiled strongSwan from latest git (see patches at
https://lists.strongswan.org/pipermail/dev/2011-November/000476.html) for Mac
OS X 10.6. I have strongSwan running on a Linux server (also compiled from git).
I am trying to connect from OS X laptop to the Linux server. The laptop is
behind
14 matches
Mail list logo