LinuxQuestions.org
Old 03-15-2011, 04:10 PM   #1
amirn
Openswan on Fedora 14


After struggling with Openswan for a week, I thought of getting some help...

I have Openswan 2.6.31 installed on two Fedoras 14 (latest) running on the same box under VirtualBox -

I'm trying to establish an IPsec connection between the two Fedoras (in case it's relevant, they are running in private host network mode)

I have connectivity between the two Fedoras
I totally removed iptables
I created my own conf file with left and right data, including the public keys as generated (each on a different Fedora) by ipsec showhostkey --left/right

I start ipsec from /etc/init.d/
I add the connection using ipsec auto --add (the connection name is host-to-host)
and then I --up the connection, and here is what I get

...
"can't find the private key from the NSS cert (err -12285)

... and after a few lines...
"possible authentication failure: no acceptable response to our first encrypted message"

I looked into /var/log/secure and I also see the following...


Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: Signature check (on @MacFedora) failed (wrong key?); tried *AQOmRjUPo
Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: sending encrypted notification INVALID_KEY_INFORMATION to 192.168.56.102:500

HisFedora and MacFedora are the two Fedoras I have

Any thoughts?

Amir
 
Old 03-20-2011, 08:22 AM   #2
amirn
OK, found the following...
Not sure why, but once I created the NSS cert/key database with an empty password, everything started to work as expected and the tunnel was established.
When I used a non-empty password, I saw in the log files that pluto was searching for the nsspassword file and didn't find it (not sure how to create this file).

Does anyone have a tip on how to make things work with a non-empty password?

Amir
 
  

