I'm running 5.8-release.
On Thu, Nov 5, 2015 at 8:07 PM, Jonathan Gray <j...@jsg.id.au> wrote:
> Which release or snapshot are you running? For the version of the file
> Reyk pointed you at you'll need a -current snapshot.
>
> On Thu, Nov 05, 2015 at 12:58:29PM -0500, Toyam Cox wrote:
>> This got me past that error pretty handidly.
>>
>> However, now it is complaining about no index.txt. The path given
>> doesn't help me know where to put the index.txt
>>
>> Getting Private key
>> Using configuration from /etc/ssl/ikeca.cnf
>> index.txt: No such file or directory
>> unable to open 'index.txt'
>> 250120122244:error:02001002:system library:fopen:No such file or
>> directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt',
>> 'r')
>> 250120122244:error:20074002:BIO routines:FILE_CTRL:system
>> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
>>
>> On Thu, Nov 5, 2015 at 7:48 AM, Reyk Floeter <r...@openbsd.org> wrote:
>> > Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry.
>> >
>> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf
>> >
>> > The openssl.cnf version broke and we somehow didn't install ikeca.cnf by
>> > default.
>> >
>> > Reyk
>> >
>> >> On 05.11.2015, at 08:28, Toyam Cox <aviator45...@gmail.com> wrote:
>> >>
>> >> Ho misc@,
>> >>
>> >> I have been (loosely) following the guide at
>> >> http://puffysecurity.com/wiki/openikedoffshore.html and have run into
>> >> a roadblock.
>> >>
>> >> I have packets going between my two hosts on different networks, the
>> >> configuration files on both are good, and both have the ca installed.
>> >>
>> >> However on my remote host, I get (ips and hostnames redacted):
>> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT
>> >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
>> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response
>> >> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471
>> >> bytes
>> >> Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local
>> >> certificate found
>> >>
>> >> This is coupled with, as I create the ca key...
>> >> # ikectl ca vpn1 create
>> >> CA passphrase:
>> >> Retype CA passphrase:
>> >> [stuff-happens-and-inputs]
>> >> Getting Private key
>> >> Using configuration from /etc/ssl/openssl.cnf
>> >> variable lookup failed for ca::default_ca
>> >> 24387713617796:error:0E06D06C:configuration file
>> >> routines:NCONF_get_string:no
>> >> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
>> >> name=default_ca
>> >>
>> >> I've checked the mail logs for misc@ and found a person in August with
>> >> this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2
>> >>
>> >> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
>> >> Variable lookup still failed.
>> >>
>> >> Thank you for any help.
