On Wed, Jan 30, 2019, at 8:21 PM, LAURIA Giuseppe wrote:
> Hi all.
>
> We are using libreswan between two different RedHat Servers and want
> to do host-to-host transport tunnel encryption to port 8080.
>
> Left: RHEL 7.6 ( SELinux set to Permissive )
> libreswan version: libreswan-3.25-2.el7.x86_64
>
> Right: RHEL 6.10
> Libreswan version : libreswan-3.15-7.5.el6_9.x86_64
>
> I initialized NSS DB
> ipsec initnss
>
> I created two new keys on each box
> ipsec newhostkey
>
> listed the rsa key on both boxes:
> eg. ipsec showhostkey --left --rsaid AwEAAavAZ
>
> configured a connection:
> conn lagu_tunnel
>     leftid=@west
>     left=<left-IP>
>     leftrsasigkey=0sAw…….j6Og/7E=
>     rightid=@east
>     right=<right-IP>
>     rightprotoport=tcp/8080
>     rightrsasigkey=0sAQ……m0dfg7pH
>
>     #auto=start
>     authby=rsasig
>     type=transport
>
> I'm able to add the connection on left side. Then up-ing the
> connection on left side.
> Then adding the connection on right side, soon after errors pop up on
> left side
>
> [...]
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
> 003 "lagu_tunnel" #1: unable to locate my private key for RSA Signature
> 224 "lagu_tunnel" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
> 002 "lagu_tunnel" #1: sending notification AUTHENTICATION_FAILED to <right-IP>:500
>
> [...]
>
> Best regards.
> Giuseppe Lauria
> _________________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
> Email had 1 attachment:
> * lagu-tunnel.txt
>   365k (text/plain)

Have you seen this?

https://lists.libreswan.org/pipermail/swan/2018/002496.html

And since you're mixing different OS and libreswan versions - if you click through "Next message" in that thread, there are some version specific notes at the end.

--
K
