    Wednesday, October 10, 2012

    ipsec showhostkey no secrets filename matched "/etc/ipsec.d/*.secrets"

    You may see this error while configuring Openswan if you skipped a required step: generating the host key used for authentication, which is stored in the ipsec.secrets file.

    Error:
    # ipsec showhostkey --left
    ipsec showhostkey nss directory showhostkey: /etc/ipsec.d
    ipsec showhostkey no secrets filename matched "/etc/ipsec.d/*.secrets"
    No keys found

    Solution:

    Generate the host key with the following command:
    # ipsec newhostkey --output /etc/ipsec.secrets --bits 2048 --verbose --configdir /etc/pki/nssdb

    Once the key has been generated, open your ipsec.secrets file and add the following line:
    # vi /etc/ipsec.secrets
     : RSA   {
            # RSA 2048 bits   ip-10-10-10-134   Tue Oct  9 10:32:09 2012
            # for signatures only, UNSAFE FOR ENCRYPTION
    
     #pubkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfykZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrZuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL
    
             Modulus: 0xad7c572f110e9026f56baf40c41426bd2269cp62f03965e44d5b0d254a6dbbc1910cb983e68b4e8b08901bb2c6b3b7c3b0aa0b50a86732c922c6dc284a037304093cb5fc991940b12bfab69ef27e40debb486d57961dd21b773f15a54f4664bb59829808ef78da266b66e6a8fec8fe36e256af49cbf339043b42955f914877cbe79a639a93cbf00de190d0ada0d7380c448ae3d636126a17bfb52afa6cc9c2bd81645e22879f9d338f27e4b469c286c24d711b608f647845470ae9a86d5df61144c082cc84ee48acb6786fb23d0fef3ae6933aa9222a9f459a41745190c313f1a32bae73c1ed8911546d9af0d7fedcd1ecbb207e4e667027465ac9c8478f7d5cb
    
            PublicExponent: 0x03
            # everything after this point is CKA_ID in hex format when using NSS
            PrivateExponent: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            Prime1: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            Prime2: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            Exponent1: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            Exponent2: 0xf0ece7ac58e0dcpae7aa3638a98cfa1f132c152f4
            Coefficient: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            CKAIDNSS: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
            }
     # do not change the indenting of that "}"

    Now you can check for the new host keys
    # ipsec showhostkey --left
            # rsakey AQOtfFcvE
    
    leftrsasigkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfyZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrpuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL
    
    # ipsec showhostkey --right
            # rsakey AQOtfFcvE
            rightrsasigkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfyZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrZuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL
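
As an added example (not part of the original post), the shell function below checks the conditions behind the "No keys found" output: that the secrets file exists, contains an `: RSA {` block with its indented closing brace, and is not accessible to group or others, since it identifies the host's private key. The function names, return codes and sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example: sanity-check an Openswan secrets file before running
# `ipsec showhostkey`. Return codes are this example's own convention.

check_secrets() {
    f=$1
    # 1: file missing or unreadable, so there is nothing to load
    [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }

    # 2: no ": RSA {" opener outside comments, so no host key was written
    grep -Eq '^[^#]*:[[:space:]]*RSA[[:space:]]*\{' "$f" ||
        { echo "no RSA key block in $f"; return 2; }

    # 3: the closing brace must keep its indentation (see the file's own note)
    grep -Eq '^[[:space:]]+\}[[:space:]]*$' "$f" ||
        { echo "no indented closing brace in $f"; return 3; }

    # 4: key material must not be accessible to group or others
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "permissions too open on $f (want 0600)"; return 4; }

    echo "ok: $f"
    return 0
}

# Constructed sample with placeholder values (not a real key)
make_sample() {
    printf ': RSA\t{\n\t# RSA 2048 bits   host.example   (constructed)\n\tPublicExponent: 0x03\n\t}\n' > "$1"
    chmod 600 "$1"
}

# Run with --demo to check a throwaway sample file
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && make_sample "$tmp" && check_secrets "$tmp"
    rm -f "$tmp"
fi
```

On a real host, call `check_secrets /etc/ipsec.secrets` as root after running `ipsec newhostkey`.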

    For the complete Openswan configuration, including screenshots, see this page:
    openswan configuration in RedHat5

