[LUGOS] freeswan VPN
Administrator
sysadmin at ice.si
Wed Oct 15 14:18:02 CEST 2003
Prilagam ti ipsec.secrets (maskirano) in ipsec.conf.
-----Original Message-----
From: Nejc Skoberne [mailto:nejc.skoberne at guest.arnes.si]
Sent: Wednesday, October 15, 2003 1:03 PM
To: Administrator
Subject: Re: [LUGOS] freeswan VPN
Zdravo.
> "ice-premium" #63: Signature check (on @vpnprem.premium.com.pl) failed
> (wrong
> key?)
> 217 "ice-premium" #63: STATE_MAIN_I3: INVALID_KEY_INFORMATION
Ocitno je nekaj narobe s PSKjem. Ali lahko posljes ipsec.conf in
(maskiran) ipsec.secrets od obeh masin, pa se kaj pravijo logi?
> PS: Apeliram na
> Skoberneta, ker vem da je mojster za freeswan
No, mojster ravno ne. :) Je pa zanimiva tema...
--
Nejc Skoberne
Grajska 5
SI-5220 Tolmin
E-mail: nejc.skoberne at guest.arnes.si
-------------- next part --------------
ipsec.secrets
# Host RSA key entry in FreeS/WAN ipsec.secrets format, posted with the
# private fields masked.
# NOTE(review): nothing precedes the ":" here, so this entry is not tied to a
# specific pair of IDs. If the live file holds more than one ": RSA" entry,
# confirm which key pluto actually signs with.
# NOTE(review): leading whitespace appears to have been lost in this listing;
# in the live file the key fields and the closing "}" must stay indented.
: RSA {
# RSA 2048 bits vpnprem Tue Oct 14 20:21:02 2003
# NOTE(review): the key is dated one day before this post. If it replaced an
# older key, the peer's copy of the public key must be replaced too, and the
# running pluto must have re-read this file -- TODO confirm.
# for signatures only, UNSAFE FOR ENCRYPTION
# The #pubkey value below is what ipsec.conf must carry as the rsasigkey for
# this host. It appears identical to leftrsasigkey in the posted conn ice-premium.
#pubkey=0sAQOAbRW7GufefyfV8ogP6E9E7JkAh6d72ZXBKchDI4fEmIoptS5Nqk9zo72c3B8Ydv6+cnjwSq1Mubr9KTIaIucndz3D1+DYeAIWQWt/+UCc39Au4UR3MgFXyMl8AorO1buck1OdUo46kKVJta6I9S25XIsgiRREX4QHT+b69GK/l787isptH7ntPGQdLtHaQDG4fWZG4G2YwKGnnpv8mBh4IrOK3NbkTQs97C8uS+9zNmdvrdjJbP6WlukDb7JfbIHlGJz2TcrEj+igVVvyJRfk8cLmtl5McdN2I5ldCRt+T7uYjZ3RZFHT1PDMCFC3hsD020AlOmitba3zvVmY9j9V
#IN KEY 0x4200 4 1 AQOAbRW7GufefyfV8ogP6E9E7JkAh6d72ZXBKchDI4fEmIoptS5Nqk9zo72c3B8Ydv6+cnjwSq1Mubr9KTIaIucndz3D1+DYeAIWQWt/+UCc39Au4UR3MgFXyMl8AorO1buck1OdUo46kKVJta6I9S25XIsgiRREX4QHT+b69GK/l787isptH7ntPGQdLtHaQDG4fWZG4G2YwKGnnpv8mBh4IrOK3NbkTQs97C8uS+9zNmdvrdjJbP6WlukDb7JfbIHlGJz2TcrEj+igVVvyJRfk8cLmtl5McdN2I5ldCRt+T7uYjZ3RZFHT1PDMCFC3hsD020AlOmitba3zvVmY9j9V
# (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
# Modulus and PublicExponent are the public half. The comment lines above are
# only annotations, so if they were edited by hand they can drift from the
# Modulus actually in use.
Modulus: 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
PublicExponent: 0x03
# everything after this point is secret
# The values below were masked by the poster; only trailing hex digits are
# shown. The live file should be owned by root and unreadable by anyone else.
PrivateExponent: 0x...dab
Prime1: 0x...ad5
Prime2: 0x...281
Exponent1: 0x..1e3
Exponent2: 0x...1ab
Coefficient: 0x...d94
}
# do not change the indenting of that "}"
ipsec.conf
# Global FreeS/WAN settings (KLIPS and pluto) for this gateway.
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces=%defaultroute
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# NOTE(review): both are off here. When chasing the "Signature check ... failed"
# error quoted in the thread, raise plutodebug only for the duration of the
# test, and mask the output before posting it, since debug logs can carry
# sensitive detail.
klipsdebug=none
plutodebug=none
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
uniqueids=yes
# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
# A single negotiation attempt per initiation; a failed exchange is not retried.
keyingtries=1
disablearrivalcheck=no
# Peers authenticate with RSA signatures, not with a pre-shared secret, so a
# signature failure points at the RSA key pair rather than at a PSK.
authby=rsasig
# By default both public keys come from certificates. conn ice-premium
# overrides both with raw keys.
# NOTE(review): %cert presumably relies on an X.509-patched build -- confirm.
leftrsasigkey=%cert
rightrsasigkey=%cert
# Net-to-net tunnel between left (195.38.31.185, @vpnprem.premium.com.pl,
# protecting 192.168.50.0/24) and right (213.250.31.194, @mail.icetelecom.si,
# protecting 192.168.1.0/24).
conn ice-premium
left=195.38.31.185
leftid=@vpnprem.premium.com.pl
leftnexthop=195.38.31.180
leftsubnet=192.168.50.0/24
# Public key used to verify signatures made by left. The thread's log line
# "Signature check (on @vpnprem.premium.com.pl) failed (wrong key?)" concerns
# this identity, so compare this value, as configured on the verifying gateway,
# with the key left has really loaded (e.g. `ipsec showhostkey --left` there).
leftrsasigkey=0sAQOAbRW7GufefyfV8ogP6E9E7JkAh6d72ZXBKchDI4fEmIoptS5Nqk9zo72c3B8Ydv6+cnjwSq1Mubr9KTIaIucndz3D1+DYeAIWQWt/+UCc39Au4UR3MgFXyMl8AorO1buck1OdUo46kKVJta6I9S25XIsgiRREX4QHT+b69GK/l787isptH7ntPGQdLtHaQDG4fWZG4G2YwKGnnpv8mBh4IrOK3NbkTQs97C8uS+9zNmdvrdjJbP6WlukDb7JfbIHlGJz2TcrEj+igVVvyJRfk8cLmtl5McdN2I5ldCRt+T7uYjZ3RZFHT1PDMCFC3hsD020AlOmitba3zvVmY9j9V
# Public key used to verify signatures made by right. It appears identical to
# the #pubkey of the "led" key in the second posted ipsec.secrets.
rightrsasigkey=0sAQPSL6YK82XxMu8fHIM/CvgwvpPEMpiQomtr+7iL7hINe1qc//gbqc27Jl/DTCkUA2+Q38pjBwZXEj1d9WdFrxj/y/I2wy404Iiu+jNwtayAokUiOVExP1catQITDFDKNbaruie0yYyvoLNTWjaHEgbKmWQocjw8p/WYskKRtFYLgO7Lb0X8ORdUVJA9RB4h2WjQYN7VZcsC3f67A8wrqlbcZ3Yu+RBc+IVo+/AUaIkBliy9h17jdhXq1x+V7RarJ1lCETUZdcjWP0mMfy5cbKtTzR5Aig3wVYvGk4DhFfXiBY13lp4hMODaeHrKi8/h22DfxF2lm3AD5FwfXIGn/w/j
right=213.250.31.194
rightid=@mail.icetelecom.si
rightnexthop=213.250.31.193
rightsubnet=192.168.1.0/24
# Load this connection and initiate it when pluto starts.
auto=start
ipsec.secrets
# Host RSA key entry in FreeS/WAN ipsec.secrets format for the second gateway,
# posted with the private fields masked.
# NOTE(review): nothing precedes the ":" here, so this entry is not tied to a
# specific pair of IDs. If the live file holds more than one ": RSA" entry,
# confirm which key pluto actually signs with.
# NOTE(review): leading whitespace appears to have been lost in this listing;
# in the live file the key fields and the closing "}" must stay indented.
: RSA {
# RSA 2048 bits led Fri Sep 13 14:06:36 2002
# for signatures only, UNSAFE FOR ENCRYPTION
# The #pubkey value below is what ipsec.conf must carry as the rsasigkey for
# this host. It appears identical to rightrsasigkey in the posted conn ice-premium.
#pubkey=0sAQPSL6YK82XxMu8fHIM/CvgwvpPEMpiQomtr+7iL7hINe1qc//gbqc27Jl/DTCkUA2+Q38pjBwZXEj1d9WdFrxj/y/I2wy404Iiu+jNwtayAokUiOVExP1catQITDFDKNbaruie0yYyvoLNTWjaHEgbKmWQocjw8p/WYskKRtFYLgO7Lb0X8ORdUVJA9RB4h2WjQYN7VZcsC3f67A8wrqlbcZ3Yu+RBc+IVo+/AUaIkBliy9h17jdhXq1x+V7RarJ1lCETUZdcjWP0mMfy5cbKtTzR5Aig3wVYvGk4DhFfXiBY13lp4hMODaeHrKi8/h22DfxF2lm3AD5FwfXIGn/w/j
#IN KEY 0x4200 4 1 AQPSL6YK82XxMu8fHIM/CvgwvpPEMpiQomtr+7iL7hINe1qc//gbqc27Jl/DTCkUA2+Q38pjBwZXEj1d9WdFrxj/y/I2wy404Iiu+jNwtayAokUiOVExP1catQITDFDKNbaruie0yYyvoLNTWjaHEgbKmWQocjw8p/WYskKRtFYLgO7Lb0X8ORdUVJA9RB4h2WjQYN7VZcsC3f67A8wrqlbcZ3Yu+RBc+IVo+/AUaIkBliy9h17jdhXq1x+V7RarJ1lCETUZdcjWP0mMfy5cbKtTzR5Aig3wVYvGk4DhFfXiBY13lp4hMODaeHrKi8/h22DfxF2lm3AD5FwfXIGn/w/j
# (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
# Modulus and PublicExponent are the public half. The comment lines above are
# only annotations, so if they were edited by hand they can drift from the
# Modulus actually in use.
Modulus: 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
PublicExponent: 0x03
# everything after this point is secret
# The values below were masked by the poster; only trailing hex digits are
# shown. The live file should be owned by root and unreadable by anyone else.
PrivateExponent: 0x..0bb
Prime1: 0x...0d3
Prime2: 0x...ab1
Exponent1: 0x...b37
Exponent2: 0x...1cb
Coefficient: 0x...d38
}
# do not change the indenting of that "}"
ipsec.conf
# Global FreeS/WAN settings (KLIPS and pluto) for the second gateway. The
# values are the same as in the first posted ipsec.conf.
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces=%defaultroute
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# NOTE(review): both are off here. Any extra pluto debugging enabled to
# diagnose the failed signature check should be temporary, and its output
# masked before it is shared.
klipsdebug=none
plutodebug=none
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
uniqueids=yes
# Defaults inherited by every conn that follows in this file.
conn %default
# A single negotiation attempt per initiation; a failed exchange is not retried.
keyingtries=1
# IPComp is proposed from this side. The first posted ipsec.conf does not set
# compress.
# NOTE(review): the two ends are not required to agree on this option, so it
# is unlikely to be related to the signature failure -- confirm.
compress=yes
disablearrivalcheck=no
# Peers authenticate with RSA signatures, not with a pre-shared secret.
authby=rsasig
# By default both public keys come from certificates. conn ice-premium
# overrides both with raw keys.
leftrsasigkey=%cert
rightrsasigkey=%cert
# The same tunnel as described on the second gateway. left/right addresses,
# IDs, subnets and both rsasigkey values read the same as in the first posted
# ipsec.conf.
# NOTE(review): leftnexthop is absent here. A next hop presumably matters only
# for the local end, so this difference is expected -- confirm.
conn ice-premium
left=195.38.31.185
leftid=@vpnprem.premium.com.pl
leftsubnet=192.168.50.0/24
# Public key this gateway uses to verify signatures from @vpnprem.premium.com.pl.
# A "Signature check ... failed (wrong key?)" for that ID means the value here
# does not correspond to the private key the peer signed with. Check it against
# the peer's real host key, not only against the #pubkey comment in the
# peer's ipsec.secrets.
leftrsasigkey=0sAQOAbRW7GufefyfV8ogP6E9E7JkAh6d72ZXBKchDI4fEmIoptS5Nqk9zo72c3B8Ydv6+cnjwSq1Mubr9KTIaIucndz3D1+DYeAIWQWt/+UCc39Au4UR3MgFXyMl8AorO1buck1OdUo46kKVJta6I9S25XIsgiRREX4QHT+b69GK/l787isptH7ntPGQdLtHaQDG4fWZG4G2YwKGnnpv8mBh4IrOK3NbkTQs97C8uS+9zNmdvrdjJbP6WlukDb7JfbIHlGJz2TcrEj+igVVvyJRfk8cLmtl5McdN2I5ldCRt+T7uYjZ3RZFHT1PDMCFC3hsD020AlOmitba3zvVmY9j9V
# Public key for right (@mail.icetelecom.si). It appears identical to the
# #pubkey of the "led" key posted above this listing.
rightrsasigkey=0sAQPSL6YK82XxMu8fHIM/CvgwvpPEMpiQomtr+7iL7hINe1qc//gbqc27Jl/DTCkUA2+Q38pjBwZXEj1d9WdFrxj/y/I2wy404Iiu+jNwtayAokUiOVExP1catQITDFDKNbaruie0yYyvoLNTWjaHEgbKmWQocjw8p/WYskKRtFYLgO7Lb0X8ORdUVJA9RB4h2WjQYN7VZcsC3f67A8wrqlbcZ3Yu+RBc+IVo+/AUaIkBliy9h17jdhXq1x+V7RarJ1lCETUZdcjWP0mMfy5cbKtTzR5Aig3wVYvGk4DhFfXiBY13lp4hMODaeHrKi8/h22DfxF2lm3AD5FwfXIGn/w/j
right=213.250.31.194
rightid=@mail.icetelecom.si
rightnexthop=213.250.31.193
rightsubnet=192.168.1.0/24
# Load this connection and initiate it when pluto starts.
auto=start