Displaying 12 results from an estimated 12 matches for "rsasig".
2016 Apr 01
2
Libreswan PEM format
...mset.net pluto[15986]: packet from
>> ***:1024: received Vendor ID payload [Dead Peer Detection]
>> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
>> :1024: initial Main Mode message received on ****:500 but no
>> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>>
>> The errors are so vague.
>> Not sure what the problem is now
>>
>>
>>
>> My conf
>>
>>
>>
>> conn tunnel
>> #phase2alg=aes256-sha1;modp1024
>> keyexchange=ike
>> #ike=aes256-sha1;modp10...
2016 Apr 01
2
Libreswan PEM format
...o-Unity]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
***:1024: received Vendor ID payload [Dead Peer Detection]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
:1024: initial Main Mode message received on ****:500 but no
connection has been authorized with policy RSASIG+IKEV1_ALLOW
The errors are so vague.
Not sure what the problem is now
My conf
conn tunnel
#phase2alg=aes256-sha1;modp1024
keyexchange=ike
#ike=aes256-sha1;modp1024
left=192.168.1.122
leftnexthop=81.129.247.152 # My ISP assigned external ip address
(I am testing at home...
2007 Feb 03
0
ipsec and x509 certificate
...sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
remote 192.168.0.29
{
exchange_mode aggressive,main;
my_identifier asn...
2016 Apr 01
0
Libreswan PEM format
...3:44 carneab4.memset.net pluto[15986]: packet from
> ***:1024: received Vendor ID payload [Dead Peer Detection]
> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
> :1024: initial Main Mode message received on ****:500 but no
> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>
> The errors are so vague.
> Not sure what the problem is now
>
>
>
> My conf
>
>
>
> conn tunnel
> #phase2alg=aes256-sha1;modp1024
> keyexchange=ike
> #ike=aes256-sha1;modp1024
> left=192.168.1.122
> leftnexthop=81.1...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...send_cr on;
verify_cert on;
lifetime time 300 sec;
passive off;
proposal_check strict;
nonce_size 256;
proposal {
encryption_algorithm blowfish 448;
hash_algorithm sha1 512;
authentication_method rsasig;
dh_group modp4096;
lifetime time 300 sec;
}
}
sainfo anonymous {
pfs_group modp4096;
lifetime time 300 sec;
encryption_algorithm rijndael 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
padding...
2016 Apr 01
0
Libreswan PEM format
...]: packet from
> >> ***:1024: received Vendor ID payload [Dead Peer Detection]
> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
> >> :1024: initial Main Mode message received on ****:500 but no
> >> connection has been authorized with policy RSASIG+IKEV1_ALLOW
> >>
> >> The errors are so vague.
> >> Not sure what the problem is now
> >>
> >>
> >>
> >> My conf
> >>
> >>
> >>
> >> conn tunnel
> >> #phase2alg=aes256-sha1;modp1024
>...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...Racoon.conf
remote 192.168.1.1
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "Memphis.public" "Memphis.private";
peers_certfile "Zeus.public";
proposal{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; #I don't understand this option
}
}
sainfo anonymous
{
pfs_group modp1024; #I don't understand this option
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
__________________________________...
2016 Apr 01
5
Libreswan PEM format
Sorry but I have looked for over two days. Trying every command I could find.
There is obviously a misunderstanding somewhere.
After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
I exported to a file with
ipsec showhostkey --ipseckey > file
The man page says
ipsec showhostkey outputs in ipsec.conf(5) format,
Ie
***.server.net.
2003 Oct 26
4
linux-xp x509 ipsec connection
...specification
# /etc/ipsec.conf - FreeS/WAN IPSEC configuration file
# More elaborate and more varied sample configurations can be found
# in doc/examples.
# basic configuration
config setup
interfaces="ipsec0=ppp0"
klipsdebug=none
plutodebug=none
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior
compress=no
left=xxxxxx.dnsalias.org
lefsubnet=192.168.1.0/24
leftcert=chivas.hectordenis.net.pem
pfs=yes
right=%any
auto=add
*************************************************************************************
ipsec on the XP s...
2005 May 12
1
Has anybody managed to get native IPSec working?
..."/etc/racoon/certs/host-a.public"
"/etc/racoon/certs/host-a.private";
peers_certfile "/etc/racoon/certs/host-b.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2;
}
}
The racoon.conf file looks like this (I made no changes to it, as
installed by ipsec-tools, include statement added by ifup-ipsec script):
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entrie...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...em";
> verify_cert on;
> my_identifier asn1dn ;
> peers_identifier asn1dn ;
> verify_identifier on ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algorithm sha1;
> authentication_method rsasig ;
> dh_group 2 ;
> }
> }
>
> sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish ;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algori...
2007 Nov 15
2
IPSEC help
...e_type x509 "bsd.public" "bsd.priv" ;
lifetime time 24 hour ; # sec,min,hour
#initial_contact off ;
#passive on ;
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig ;
dh_group 2 ;
}
# the configuration makes racoon (as a responder) to obey the
# initiator's lifetime and PFS group proposal.
# this makes testing so much easier.
proposal_check obey;
}
# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the foll...