Re: [CentOS] Libreswan PEM format
I did :) I'm all for an easy life.

I got a very similar error

instead of
but no connection has been authorized with policy RSASIG+IKEV1_ALLOW

I got
but no connection has been authorized with policy PSK+IKEV1_ALLOW

I did read somewhere though errors are red herrings which is helpful.

Thanks

On 1 April 2016 at 18:39, Eero Volotinen wrote:
> IPSec is very complex with certificates. try first with PSK authentication
> and then with certificates
>
> --
> Eero
Re: [CentOS] Libreswan PEM format
IPSec is very complex with certificates. try first with PSK authentication
and then with certificates

--
Eero

2016-04-01 20:21 GMT+03:00 Glenn Pierce:
> I generated according to the docs. Which produced
> my server.secrets as below
>
> used the command
>
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets
>
> : RSA {
>     # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
>     # for signatures only, UNSAFE FOR ENCRYPTION
>     #pubkey=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
>     Modulus: 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
>     PublicExponent: 0x03
>     # everything after this point is CKA_ID in hex format - not the real values
>     PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>     }
> # do not change the indenting of that "}"
Re: [CentOS] Libreswan PEM format
I generated according to the docs. Which produced
my server.secrets as below

used the command

ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets

: RSA {
    # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=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
    Modulus: 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
    PublicExponent: 0x03
    # everything after this point is CKA_ID in hex format - not the real values
    PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    }
# do not change the indenting of that "}"

On 1 April 2016 at 18:04, Eero Volotinen wrote:
> You must define connection address and key in ipsec.secrets.
>
> --
> Eero
Re: [CentOS] Libreswan PEM format
You must define connection address and key in ipsec.secrets.

--
Eero

2016-04-01 19:38 GMT+03:00 Glenn Pierce:
> Just trying to follow the instructions here
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>
> I don't think I am doing anything special.
>
> At the point where there is some communication going on
>
> Getting this error
>
> packet from *:1024: received Vendor ID payload [Cisco-Unity]
> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection]
> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: initial Main Mode message received on :500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
>
> The errors are so vague.
> Not sure what the problem is now
>
> My conf
>
> conn tunnel
>     #phase2alg=aes256-sha1;modp1024
>     keyexchange=ike
>     #ike=aes256-sha1;modp1024
>     left=192.168.1.122
>     leftnexthop=81.129.247.152 # My ISP assigned external ip address (I am testing at home)
>     leftrsasigkey=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
>     right=89.200.134.211
>     rightrsasigkey=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
>     authby=secret|rsasig
>     # load and initiate automatically
>     auto=start
>
> conn site1
>     also=tunnel
>     leftsubnet=10.0.128.0/22
>     rightsubnet=192.168.1.222/32
>
> conn site2
>     also=tunnel
Re: [CentOS] Libreswan PEM format
Just trying to follow the instructions here

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html

I don't think I am doing anything special.

At the point where there is some communication going on

Getting this error

packet from *:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: initial Main Mode message received on :500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW

The errors are so vague.
Not sure what the problem is now

My conf

conn tunnel
    #phase2alg=aes256-sha1;modp1024
    keyexchange=ike
    #ike=aes256-sha1;modp1024
    left=192.168.1.122
    leftnexthop=81.129.247.152 # My ISP assigned external ip address (I am testing at home)
    leftrsasigkey=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
    right=89.200.134.211
    rightrsasigkey=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
    authby=secret|rsasig
    # load and initiate automatically
    auto=start

conn site1
    also=tunnel
    leftsubnet=10.0.128.0/22
    rightsubnet=192.168.1.222/32

conn site2
    also=tunnel

On 1 April 2016 at 15:58, Eero Volotinen wrote:
> So you are using pkcs12 on centos:
>
> https://www.sslshopper.com/article-most-common-openssl-commands.html
> --
> Eero
Re: [CentOS] Libreswan PEM format
I just removed the name. I will be regenerating again.
To be honest if an attacker were to get this to work I would buy them a drink :)

On 1 April 2016 at 17:01, Gordon Messmer wrote:
> On 04/01/2016 07:44 AM, Glenn Pierce wrote:
>>
>> Ie
>> ***.server.net. IN IPSECKEY 10 0 2 .
>
> Was that a key that you generated as an example, or your actual VPN key?
> The fact that you obscured part of it makes me think it might be the latter,
> but if that's the case, you really should generate a new key for your
> server. The part you obscured isn't the sensitive part.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
On 04/01/2016 07:44 AM, Glenn Pierce wrote:
> Ie
> ***.server.net. IN IPSECKEY 10 0 2 .

Was that a key that you generated as an example, or your actual VPN key?
The fact that you obscured part of it makes me think it might be the latter,
but if that's the case, you really should generate a new key for your
server. The part you obscured isn't the sensitive part.
Re: [CentOS] Libreswan PEM format
Typical I think I just did it.

I downloaded a perl script to do it at
https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl

First I did
ipsec showhostkey --right > right.pub

I then edited the file to remove the ipsec key = line

Then I converted with
perl pubkey-converter.pl -p < right.pub > /home/glenn/right.pub

On 1 April 2016 at 15:44, Glenn Pierce wrote:
> Sorry but I have looked for over two days. Trying every command I could find.
>
> There is obviously a misunderstanding somewhere.
>
> After generating a key pair with
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>
> I exported to a file with
> ipsec showhostkey --ipseckey > file
>
> The man page says
> ipsec showhostkey outputs in ipsec.conf(5) format,
>
> Ie
>
> ***.server.net. IN IPSECKEY 10 0 2 .
> 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
>
> is this the format openssl is meant to be able to convert? or is there
> an intermediate step I am missing as like I said no command I found
> seems to work.
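Added example (not part of the original thread, and not the pubkey-converter.pl script mentioned above): the same conversion in Python using only the standard library. The `0s...` value Libreswan prints is base64 of the RFC 3110 RSA layout (exponent length, exponent, modulus) rather than PEM, so it is re-encoded here as a SubjectPublicKeyInfo `PUBLIC KEY` block. The function names and the sample key are constructed for illustration, and the accepted `rsasigkey=` line shape is an assumption about `ipsec showhostkey` output.

```python
import base64

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters).
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# Constructed sample, NOT a real key: exponent 3 and a toy 64-bit modulus.
SAMPLE = "# constructed sample\nrightrsasigkey=0sAQPA/+4BI0VniQ==\n"


def extract_b64(text):
    """Pull the base64 payload out of a bare value or a *rsasigkey= line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "rsasigkey=" in line:
            line = line.split("rsasigkey=", 1)[1]
        # ipsec.conf marks base64 data with a leading "0s"
        return line[2:] if line.startswith("0s") else line
    raise ValueError("no key material found")


def parse_rfc3110(text):
    """Return (exponent, modulus) as integers."""
    raw = base64.b64decode(extract_b64(text), validate=True)
    if len(raw) < 3:
        raise ValueError("key blob too short")
    # Exponent length is one byte, or 0x00 followed by a two-byte length.
    if raw[0] != 0:
        elen, off = raw[0], 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent, modulus = raw[off:off + elen], raw[off + elen:]
    if elen == 0 or len(exponent) != elen or not modulus:
        raise ValueError("truncated exponent or missing modulus")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(n):
    # bit_length // 8 + 1 bytes keeps the value positive (adds a leading
    # 0x00 when the top bit of the first byte would otherwise be set).
    return der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def to_spki_der(text):
    e, n = parse_rfc3110(text)
    rsa_pub = der(0x30, der_int(n) + der_int(e))        # PKCS#1 RSAPublicKey
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_pub))


def to_pem(text):
    b64 = base64.b64encode(to_spki_der(text)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines)
            + "\n-----END PUBLIC KEY-----\n")


if __name__ == "__main__":
    print(to_pem(SAMPLE), end="")
```

The result can be checked with `openssl rsa -pubin -in key.pem -noout -text`, which should report the same modulus and exponent.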
Re: [CentOS] Libreswan PEM format
So you are using pkcs12 on centos:

https://www.sslshopper.com/article-most-common-openssl-commands.html
--
Eero

2016-04-01 17:44 GMT+03:00 Glenn Pierce:
> Sorry but I have looked for over two days. Trying every command I could
> find.
>
> There is obviously a misunderstanding somewhere.
>
> After generating a key pair with
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>
> I exported to a file with
> ipsec showhostkey --ipseckey > file
>
> The man page says
> ipsec showhostkey outputs in ipsec.conf(5) format,
>
> Ie
>
> ***.server.net. IN IPSECKEY 10 0 2 .
> 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
>
> is this the format openssl is meant to be able to convert? or is there
> an intermediate step I am missing as like I said no command I found
> seems to work.
Re: [CentOS] Libreswan PEM format
Sorry but I have looked for over two days. Trying every command I could find.

There is obviously a misunderstanding somewhere.

After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets

I exported to a file with
ipsec showhostkey --ipseckey > file

The man page says
ipsec showhostkey outputs in ipsec.conf(5) format,

Ie

***.server.net. IN IPSECKEY 10 0 2 .
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

is this the format openssl is meant to be able to convert? or is there
an intermediate step I am missing as like I said no command I found
seems to work.

On 1 April 2016 at 14:35, Eero Volotinen wrote:
> It works, try googling for openssl pem conversion
Re: [CentOS] Libreswan PEM format
It works, try googling for openssl pem conversion

1.4.2016 4.32 PM, "Glenn Pierce" wrote:
> I have tried
> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>
> I get
> unable to load Private Key
> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
Re: [CentOS] Libreswan PEM format
I have tried
openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem

I get
unable to load Private Key
140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY

On 1 April 2016 at 13:59, Eero Volotinen wrote:
> You can do any kind of format conversions with openssl commandline client.
>
> Eero
Re: [CentOS] Libreswan PEM format
You can do any kind of format conversions with openssl commandline client.

Eero

1.4.2016 3.56 PM, "Glenn Pierce" wrote:
> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
> router.
>
> I am trying to get the keys working. My problem is the Mikrotik router
> wants the key in PEM format
>
> How do I export the keys generated with ipsec newhostkey
> into PEM format?
>
> Thanks