Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
I don't think I am doing anything special.
At the point where there is some communication going on
Getting this error
packet from *****:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: initial Main Mode message received on ****:500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
The errors are so vague.
Not sure what the problem is now
My conf
conn tunnel
    #phase2alg=aes256-sha1;modp1024
    keyexchange=ike
    #ike=aes256-sha1;modp1024
    left=192.168.1.122
    leftnexthop=81.129.247.152 # My ISP assigned external ip address (I am testing at home)
    leftrsasigkey=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
    right=89.200.134.211
    rightrsasigkey=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
    authby=secret|rsasig
    # load and initiate automatically
    auto=start

conn site1
    also=tunnel
    leftsubnet=10.0.128.0/22
    rightsubnet=192.168.1.222/32

conn site2
    also=tunnel

On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> So you are using pkcs12 on centos:
>
> https://www.sslshopper.com/article-most-common-openssl-commands.html
> --
> Eero
>
> 2016-04-01 17:44 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>:
>
>> Sorry but I have looked for over two days. Trying every command I could
>> find.
>>
>> There is obviously a misunderstanding somewhere.
>>
>> After generating a key pair with
>> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>>
>> I exported to a file with
>> ipsec showhostkey --ipseckey > file
>>
>> The man page says
>> ipsec showhostkey outputs in ipsec.conf(5) format,
>>
>> Ie
>>
>> ***.server.net. IN IPSECKEY 10 0 2 .
>> 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
>>
>> Is this the format openssl is meant to be able to convert? Or is there
>> an intermediate step I am missing, as like I said no command I found
>> seems to work.
>>
>> On 1 April 2016 at 14:35, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> > It works, try googling for openssl pem conversion
>> > 1.4.2016 4.32 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:
>> >
>> >> I have tried
>> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>> >>
>> >> I get
>> >> unable to load Private Key
>> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>> >>
>> >> On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> >> > You can do any kind of format conversions with openssl commandline
>> >> > client.
>> >> >
>> >> > Eero
>> >> > 1.4.2016 3.56 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:
>> >> >
>> >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>> >> >> router.
>> >> >>
>> >> >> I am trying to get the keys working. My problem is the Mikrotik router
>> >> >> wants the key in PEM format
>> >> >>
>> >> >> How do I export the keys generated with ipsec newhostkey
>> >> >> into PEM format?
>> >> >>
>> >> >> Thanks
>> >> >> _______________________________________________
>> >> >> CentOS mailing list
>> >> >> CentOS at centos.org
>> >> >> https://lists.centos.org/mailman/listinfo/centos
>> >> >>
>> >> > _______________________________________________
>> >> > CentOS mailing list
>> >> > CentOS at centos.org
>> >> > https://lists.centos.org/mailman/listinfo/centos
>> >> _______________________________________________
>> >> CentOS mailing list
>> >> CentOS at centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> > _______________________________________________
>> > CentOS mailing list
>> > CentOS at centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
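The IPSECKEY record quoted above carries the RSA public key in RFC 3110 wire format (exponent length, exponent, modulus) encoded as base64, which is not a PEM or DER structure that `openssl rsa` can load. The following is an added example, not code from the thread or from libreswan: it rewraps such a key field as a PEM `PUBLIC KEY` block. The function names and the toy sample key are assumptions made here.

```python
import base64

# DER AlgorithmIdentifier for rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _tlv(tag, body):
    n = len(body)                      # DER tag-length-value, short or long length form
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_int(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                  # leading zero keeps the INTEGER positive
        raw = b"\x00" + raw
    return _tlv(0x02, raw)

def parse_rfc3110(key_field):
    """Return (exponent, modulus) from a base64 RFC 3110 RSA public key."""
    text = "".join(key_field.split())  # tolerate line wrapping in the record
    if text.startswith("0s"):          # ipsec.conf marks base64 values with 0s
        text = text[2:]
    blob = base64.b64decode(text, validate=True)
    if len(blob) < 3:
        raise ValueError("RFC 3110 key too short")
    exp_len, off = blob[0], 1
    if exp_len == 0:                   # long form: two-byte exponent length
        exp_len, off = int.from_bytes(blob[1:3], "big"), 3
    if exp_len == 0 or len(blob) <= off + exp_len:
        raise ValueError("truncated RFC 3110 key")
    exponent = int.from_bytes(blob[off:off + exp_len], "big")
    modulus = int.from_bytes(blob[off + exp_len:], "big")
    return exponent, modulus

def rfc3110_to_pem(key_field):
    """Build a SubjectPublicKeyInfo PEM ("BEGIN PUBLIC KEY") from the key field."""
    e, n = parse_rfc3110(key_field)
    rsa_pub = _tlv(0x30, _der_int(n) + _der_int(e))            # RSAPublicKey
    spki = _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_pub))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"]) + "\n"

# Constructed toy key (exponent 3, 64-bit "modulus"), not a key from the thread
TOY_N = 0xD1B2C3A4958677F5
SAMPLE = "0s" + base64.b64encode(b"\x01\x03" + TOY_N.to_bytes(8, "big")).decode()
```

The output can be inspected with `openssl rsa -pubin -in key.pem -text -noout`. Only the public half is converted; the secrets file posted in this thread notes that its private fields are CKA_ID references, not the real values.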
You must define connection address and key in ipsec.secrets.
--
Eero
I generated according to the docs, which produced my server.secrets as below.
Used the command
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets
: RSA {
    # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=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
    Modulus: 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
    PublicExponent: 0x03
    # everything after this point is CKA_ID in hex format - not the real values
    PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    }
# do not change the indenting of that "}"
On 1 April 2016 at 18:04, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> You must define connection address and key in ipsec.secrets.
>
> --
> Eero