
[Users] Unexplained no passphrase error

From: Lists <lists(at)deiknumi.com>
Date: Mon Apr 28 2003 - 17:33:02 EDT


Hello,

I have followed Nate Carlson's doc on
http://www.natecarlson.com/linux/ipsec-x509.php (Thanks to Nate for a very informative explanation. It's very clear and easy to follow....)

I hope I have followed it correctly, but I seem to have a re-occurring error that "no passphrase available" on the certificates that I have created.

I'm using SuSE Linux V8.1 and their standard freeswan package. Syslog excerpt below:



Apr 28 12:06:41 reassure ipsec__plutorun: Starting Pluto subsystem...
Apr 28 12:06:41 reassure ipsec_setup: ...FreeS/WAN IPsec started
Apr 28 12:06:41 reassure ipsec_setup: ^M^[[80C^[[10D^[[1;32mdone^[[m^O
Apr 28 12:06:42 reassure pluto[28781]: Starting Pluto (FreeS/WAN Version 1.98b)
Apr 28 12:06:42 reassure pluto[28781]: including X.509 patch (Version 0.9.14)
Apr 28 12:06:42 reassure pluto[28781]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 28 12:06:42 reassure pluto[28781]: loaded cacert file 'cacert.pem' (1436 bytes)
Apr 28 12:06:42 reassure pluto[28781]: Changing to directory '/etc/ipsec.d/crls'
Apr 28 12:06:42 reassure pluto[28781]: loaded crl file 'crl.pem' (625 bytes)
Apr 28 12:06:42 reassure pluto[28781]: could not open my default X.509 cert file '/etc/x509cert.der'
Apr 28 12:06:42 reassure pluto[28781]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Apr 28 12:06:43 reassure pluto[28781]: loaded host cert file '/etc/ipsec.d/reassure.XXXX.XXX.pem' (2752 bytes)
Apr 28 12:06:43 reassure pluto[28781]: no passphrase available
Apr 28 12:06:43 reassure pluto[28781]: added connection description "roadwarrior"
Apr 28 12:06:44 reassure pluto[28781]: loaded host cert file '/etc/ipsec.d/reassure.XXXX.XXX.pem' (2752 bytes)
Apr 28 12:06:44 reassure pluto[28781]: no passphrase available
Apr 28 12:06:44 reassure pluto[28781]: added connection description "roadwarrior-net"
Apr 28 12:06:44 reassure pluto[28781]: listening for IKE messages
Apr 28 12:06:44 reassure pluto[28781]: adding interface ipsec0/eth0 xx.xxx.xxx.xxx
Apr 28 12:06:44 reassure pluto[28781]: loading secrets from "/etc/ipsec.secrets"
Apr 28 12:06:44 reassure pluto[28781]: loaded private key file '/etc/ipsec.d/private/reassure.XXXX.XXX.key' (1509 bytes)
Apr 28 12:06:44 reassure pluto[28781]: error in PKCS#1 private key
Apr 28 12:06:44 reassure pluto[28781]: "/etc/ipsec.secrets" line 11: error loading RSA private key file
Apr 28 12:06:44 reassure ipsec__plutorun: 003 "/etc/ipsec.secrets" line 11: error loading RSA private key file

Here is a copy of the ipsec.conf and ipsec.secrets files.




root@reassure:/etc # cat ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration

config setup

        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=10.4.1.0/24
        also=roadwarrior

conn roadwarrior
        keyingtries=1
        keylife=30m
        left=%defaultroute
        leftcert=reassure.XXXX.XXX.pem
        right=%any
        pfs=yes
        auto=add

root@reassure:/etc #

root@reassure:/etc # cat ipsec.secrets
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

#

# RSA private key for this host, authenticating it to any other host
: RSA reassure.XXXX.XXX.key "xxxxxx"



I have re-created the CA numerous times in case I made a mistake there (still comes up with the same error), but still am at a loss as I have passphrases on both the CA cert and the subsequent server cert.

Do you possibly have any suggestions for me???

Your help would be greatly appreciated.

Thanks in advance.

James



Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Thu May 1 18:25:19 2003
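A consistency check for the setup described in the post, as an added example that is not part of the original message or of FreeS/WAN: it reads `: RSA <keyfile> "<passphrase>"` entries in the form shown in the post's ipsec.secrets and reports whether each key file is a PEM PKCS#1 key and whether its encryption state matches the entry. The function names, sample file names and stub key bodies are constructed for illustration.

```python
import re

# Entry form shown in the post's ipsec.secrets: : RSA <keyfile> "<passphrase>"
SECRETS_RSA = re.compile(r'^\s*:\s*RSA\s+(\S+)(?:\s+"([^"]*)")?\s*$')

def classify_pem_key(pem_text):
    """Return (container, encrypted, cipher) for the text of a PEM private key."""
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----", pem_text)
    if not m:
        return ("not-pem", None, None)      # e.g. DER, missing or truncated file
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":
        return ("pkcs8", True, None)        # cipher is inside the ASN.1, not a header
    if label == "PRIVATE KEY":
        return ("pkcs8", False, None)
    if label == "RSA PRIVATE KEY":          # traditional PKCS#1 container
        enc = re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M) is not None
        dek = re.search(r"^DEK-Info:\s*([^,\s]+)", pem_text, re.M)
        return ("pkcs1", enc, dek.group(1) if (enc and dek) else None)
    return ("other", None, None)

def check_secrets(secrets_text, key_files):
    """key_files maps key file name -> PEM text. Returns [(lineno, keyfile, finding)]."""
    findings = []
    for n, line in enumerate(secrets_text.splitlines(), 1):
        m = SECRETS_RSA.match(line)
        if not m:
            continue                        # comments, blank lines, other secret types
        name, passphrase = m.group(1), m.group(2)
        container, enc, cipher = classify_pem_key(key_files.get(name, ""))
        if container != "pkcs1":
            finding = f"key is {container}, not a PEM 'RSA PRIVATE KEY'"
        elif enc and not passphrase:
            finding = f"key is encrypted ({cipher}) but entry has no passphrase"
        elif not enc and passphrase:
            finding = "entry has a passphrase but key is not encrypted"
        else:
            finding = f"consistent (encrypted={enc}, cipher={cipher})"
        findings.append((n, name, finding))
    return findings

# Constructed sample inputs (not the poster's files); key bodies are stubs.
SAMPLE_SECRETS = '# constructed sample\n: RSA host.key "xxxxxx"\n: RSA bare.key\n'
SAMPLE_KEYS = {
    "host.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n(stub)\n",
    "bare.key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(stub)\n",
}
```

On real files, pass the contents of `/etc/ipsec.secrets` and a dict built from the key files under `/etc/ipsec.d/private/`; the check only inspects PEM headers and never decrypts the key.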

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:28 EDT

