Which release or snapshot are you running? For the version of the file
Reyk pointed you at you'll need a -current snapshot.
On Thu, Nov 05, 2015 at 12:58:29PM -0500, Toyam Cox wrote:
> This got me past that error pretty handidly.
>
> However, now it is complaining about no index.txt. The path given
> doesn't help me know where to put the index.txt
>
> Getting Private key
> Using configuration from /etc/ssl/ikeca.cnf
> index.txt: No such file or directory
> unable to open 'index.txt'
> 250120122244:error:02001002:system library:fopen:No such file or
> directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt',
> 'r')
> 250120122244:error:20074002:BIO routines:FILE_CTRL:system
> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
>
> On Thu, Nov 5, 2015 at 7:48 AM, Reyk Floeter <r...@openbsd.org> wrote:
> > Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry.
> >
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf
> >
> > The openssl.cnf version broke and we somehow didn't install ikeca.cnf by
> > default.
> >
> > Reyk
> >
> >> On 05.11.2015, at 08:28, Toyam Cox <aviator45...@gmail.com> wrote:
> >>
> >> Ho misc@,
> >>
> >> I have been (loosely) following the guide at
> >> http://puffysecurity.com/wiki/openikedoffshore.html and have run into
> >> a roadblock.
> >>
> >> I have packets going between my two hosts on different networks, the
> >> configuration files on both are good, and both have the ca installed.
> >>
> >> However on my remote host, I get (ips and hostnames redacted):
> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT
> >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response
> >> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471
> >> bytes
> >> Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local
> >> certificate found
> >>
> >> This is coupled with, as I create the ca key...
> >> # ikectl ca vpn1 create
> >> CA passphrase:
> >> Retype CA passphrase:
> >> [stuff-happens-and-inputs]
> >> Getting Private key
> >> Using configuration from /etc/ssl/openssl.cnf
> >> variable lookup failed for ca::default_ca
> >> 24387713617796:error:0E06D06C:configuration file
> >> routines:NCONF_get_string:no
> >> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
> >> name=default_ca
> >>
> >> I've checked the mail logs for misc@ and found a person in August with
> >> this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2
> >>
> >> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
> >> Variable lookup still failed.
> >>
> >> Thank you for any help.
