Openswan on Fedora 14
After struggling with openswan for a week, I thought of getting some help...
I have openswan 2.6.31 installed on two Fedora 14 (latest) installations running on the same box under VirtualBox -
I'm trying to establish an ipsec connection between the two Fedoras (in case it's relevant, they are running in private host network mode)
I have connectivity between the two Fedoras
I totally removed iptables
I created my own conf file with left and right data, including the public keys as generated (each on a different Fedora) by ipsec showhostkey --left/right
I start ipsec from /etc/init.d/
I add the connection using ipsec auto --add (the connection name is host-to-host)
and then I --up the connection, and here is what I get:
"can't find the private key from the NSS cert (err -12285)"
... and after a few lines...
"possible authentication failure: no acceptable response to our first encrypted message"
I looked into /var/log/secure and I also see the following...
Mar 15 23:04:01 HisFedora pluto: "host-to-host" #6: Signature check (on @MacFedora) failed (wrong key?); tried *AQOmRjUPo
Mar 15 23:04:01 HisFedora pluto: "host-to-host" #6: sending encrypted notification INVALID_KEY_INFORMATION to 192.168.56.102:500
HisFedora and MacFedora are the two Fedoras I have
OK, found the following...
Not sure why, but once I created the NSS cert/key database with an empty password, everything started to work as expected and the tunnel was established.
When I used a non-empty password, I saw in the log files that pluto was searching for the nsspassword file and didn't find it (not sure how to create this file).
Does anyone have a tip on how to make things work with a non-empty password?