similar to: Libreswan PEM format

I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote: > You can do any kind of format conversions with openssl commandline client. >

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

So you are using pkcs12 on centos: https://www.sslshopper.com/article-most-common-openssl-commands.html -- Eero 2016-04-01 17:44 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > Sorry but I have looked for over two days. Trying every command I could > find. > > There is obviously a misunderstanding somewhere. > > After generating a key pair with > ipsec newhostkey

IPSec is very complex with certificates. try first with PSK authentication and then with certificates -- Eero 2016-04-01 20:21 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > I generated according to the docs . Which produced > my server.secrets as below > > used the command > > ipsec newhostkey --configdir /etc/ipsec.d --output >

You must define connection address and key in ipsec.secrets. -- Eero 2016-04-01 19:38 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > Just trying to follow the instructions here > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html > > I don't think I am doing anything special.

It works, try googling for openssl pem conversion 1.4.2016 4.32 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > I have tried > openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem > > I get > unable to load Private Key > 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:701:Expecting: ANY PRIVATE KEY

You can do any kind of format conversions with openssl commandline client. Eero 1.4.2016 3.56 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik > router. > > I am try to get the keys working. My problem is the Mikrotik router > wants the key in PEM format > > How do I export the

Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > >

I second Eero's comment, use a new IPSec daemon. Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/ EL6 has Openswan EL7 has Libreswan Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform

Centos 5 is still soon end of life. Using it as ipsec gateway is .. Eero 21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti: > On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> > wrote: > > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now

Hi I hope someone can answer something I'm sure is quite basic. I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file. When I bring up my connection ifup bicester I get RTNETLINK

How to inst that Network manager please ================ Worthy agent of Light ================ Jules Irenge MSc Student University of Liverpool

On 6.5, I've got openswan installed, but yum update is wanting to install libreswan. If libreswan is intended to replace openswan, wouldn't the appropriate yum transactions have been created to remove opnswan first? I'm stumped. Advice appreciated. Fred -- ------------------------------------------------------------------------------- Under no circumstances will I ever purchase

On 04/01/2016 07:44 AM, Glenn Pierce wrote: > Ie > ***.server.net. IN IPSECKEY 10 0 2 . Was that a key that you generated as an example, or your actual VPN key? The fact that you obscured part of it makes me think it might be the latter, but if that's the case, you really should generate a new key for your server. The part you obscured isn't the sensitive part.

Is there any way to obtain the public key from the private key? I know it's in host file however for the purpose of this message I need to be able to generate it on the command line. I tried openssl ec < ed25519_key.priv I get an error read EC key unable to load Key 140092556813984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

I get error: %SSHD-3-ERROR: Could not load host key: /tmp/ssh_host_dsa_key: Bad file descriptor Jan 26 23:58:52: %SSHD-6-INFO: Disabling protocol version 2. Could not load host key Everything looks okay, the file exists, (it was generated using command: ssh-keygen -d -f ssh_host_dsa_key -N '') I also do 'ls' and find the file exists with permissions: -rw------- 1 root group

hey friends, I am trying to make postfix run with tls in chroot mode, but I am not able to send the messages with tls on. I am using postfix 2.2.10 on centos 4.0 and I had compiled the postfix from sources with tls & cyrus-sasl support. I copied the certificates from /usr/share/ssl to /etc/postfix. Below are the errors I am getting: May 25 13:27:51 test1 postfix/smtpd[4095]: warning: TLS

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you