Hi,

Does anyone have experience with an IPSECKEY RR? Especially how to make one?

Why do I need one, you ask? Well, it's my best guess. I have to create a site2site VPN tunnel between a Westermo GPRS modem and a Checkpoint firewall, and the modem does not accept the certificate. Instead it logs:

"no RSA public key known for '62.99.190.155'; DNS search for KEY failed (failure querying DNS for KEY of 155.190.99.62.in-addr.arpa.: Host name lookup failure)"

I found an example of such an RR on the interwebs, it looks like this:

38.2.0.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== )

My BIND 9.8.2 accepts this record, but of course I need the correct one, not the example. So, does anyone know how to convert the public key of my certificate into a signature like this?

Here is some additional information:

Log entries of the Westermo MRD-310:

<84>Dec 18 16:51:25 pluto[16214]: "VPN_ASA_TM0" #1: Main mode peer ID is ID_IPV4_ADDR: '62.99.190.155'
<84>Dec 18 16:51:25 pluto[16214]: "VPN_ASA_TM0" #1: issuer cacert not found
<84>Dec 18 16:51:25 pluto[16214]: "VPN_ASA_TM0" #1: X.509 certificate rejected
<84>Dec 18 16:51:25 pluto[16214]: "VPN_ASA_TM0" #1: issuer cacert not found
<84>Dec 18 16:51:25 pluto[16214]: "VPN_ASA_TM0" #1: X.509 certificate rejected
<84>Dec 18 16:51:26 pluto[16214]: "VPN_ASA_TM0" #1: no RSA public key known for '62.99.190.155'; DNS search for KEY failed (failure querying DNS for KEY of 155.190.99.62.in-addr.arpa.: Host name lookup failure)
<84>Dec 18 16:51:26 pluto[16214]: "VPN_ASA_TM0" #1: sending encrypted notification INVALID_KEY_INFORMATION to 62.99.190.155:500

IPSECKEY RFC: https://tools.ietf.org/html/rfc4025

Thanks!

---
Ing. Christian Melbinger
Network & Security
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188
fax: +43 (1) 90405 88 47188
mailto:christian.melbin...@wienit.at
____________________________________________________________________________
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG, A-1030 Wien, Thomas-Klestil-Platz 6, FN 255974h, Commercial Court of Vienna, DVR: 2109667, VAT ID no. ATU61260824
General partner with personal liability: WienIT EDV Dienstleistungsgesellschaft mbH, A-1030 Wien, Thomas-Klestil-Platz 6, FN 255649f, Commercial Court of Vienna, VAT ID no. ATU61296118
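Added example, not part of the original post and not BIND's own code: the RSA key field of an IPSECKEY record (algorithm 2 in RFC 4025) is the base64 of the RFC 3110 layout, that is exponent length, exponent, modulus. The sketch below builds that field from a modulus and exponent and checks itself against the sample record quoted in the post. The function names are hypothetical, the TTL 7200 and precedence 10 are copied from that sample, and the integers n and e are assumed to have been read from the certificate beforehand (for instance from the output of `openssl x509 -noout -text`).

```python
import base64
import ipaddress

# Sample key copied from the record quoted in the post (a toy-sized key).
EXAMPLE_KEY = "AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ=="


def encode_key(n, e):
    """Return the base64 public-key field for RSA modulus n and exponent e."""
    if n <= 0 or e <= 0:
        raise ValueError("modulus and exponent must be positive")
    exp = e.to_bytes((e.bit_length() + 7) // 8, "big")
    mod = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(exp) <= 255:
        prefix = bytes([len(exp)])  # one-byte exponent length
    else:
        prefix = b"\x00" + len(exp).to_bytes(2, "big")  # 0, then two-byte length
    return base64.b64encode(prefix + exp + mod).decode("ascii")


def decode_key(b64):
    """Inverse of encode_key: return (n, e) from the base64 key field."""
    wire = base64.b64decode(b64)
    if wire[0] != 0:
        elen, off = wire[0], 1
    else:
        elen, off = int.from_bytes(wire[1:3], "big"), 3
    e = int.from_bytes(wire[off:off + elen], "big")
    n = int.from_bytes(wire[off + elen:], "big")
    return n, e


def ipseckey_rr(gateway_ip, n, e, ttl=7200, precedence=10):
    """Build the zone-file line: gateway type 1 (IPv4), algorithm 2 (RSA)."""
    ip = ipaddress.IPv4Address(gateway_ip)
    owner = ip.reverse_pointer + "."  # e.g. 155.190.99.62.in-addr.arpa.
    return (f"{owner} {ttl} IN IPSECKEY "
            f"( {precedence} 1 2 {ip} {encode_key(n, e)} )")


if __name__ == "__main__":
    n, e = decode_key(EXAMPLE_KEY)
    print("sample exponent:", e, "modulus bits:", n.bit_length())
    print(ipseckey_rr("192.0.2.38", n, e))
```

A key published this way is only as trustworthy as the DNS answers the peer receives, which is why RFC 4025 ties its use to DNSSEC-protected zones.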