Libreswan IPSEC with RASSIGKEY

Support for security such as Firewalls and securing linux
Eminent2021
Posts: 29
Joined: 2018/12/03 12:26:41

Libreswan IPSEC with RASSIGKEY

Post by Eminent2021 » 2018/12/26 14:37:01

I'd like to create a tunnel between two networks with libreswan that isolate using rsasigkey. I followed these steps:

Code:

# cd /etc/ipsec.d/
# rm -rf *.db
# ipsec initnss
# certutil -W -d sql:/etc/ipsec.d

I create the nsspassword file and write the following values in it:

Code:

token_1_name:the_password
token_2_name:the_password

And then I created the host key:

Code:

# ipsec newhostkey --nssdir /etc/ipsec.d --password Test \ --output /etc/ipsec.secrets

And in order to show the rsasigkey:

Code:

# ipsec showhostkey --list --right --ckaid ==3efrfrewaf2e3bxdehg --password Test

The last step, where I ran into the problem, is creating the certificate authority:

Code:

# certutil -S -k rsa -c "ExampleCA" -n "user1" -s "CN=User Common Name" \ -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

This command asks me for a password. I enter the password, and after the encryption processing is completed it asks me to press the ENTER key, and I encountered the following error:
Image
Any help would be appreciated. Thanks

TrevorH
Forum Moderator
Posts: 26596
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Libreswan IPSEC with RASSIGKEY

Post by TrevorH » 2018/12/26 15:04:51

Did you previously create a CA (Certificate Authority) certificate? If you did then did you call it "ExampleCA"? If not then you need to change the ExampleCA in your current command to the name you actually gave it. If you didn't create one then you need one.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

Eminent2021
Posts: 29
Joined: 2018/12/03 12:26:41

Re: Libreswan IPSEC with RASSIGKEY

Post by Eminent2021 » 2018/12/27 11:30:34

No, I haven't created any certificate before. When I run the following command:

Code:

certutil -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \ -t "CT,C,C" -x -d sql:/etc/ipsec.d

Then I get this error:

Code:

certutil -S: trust is required for this command (-t).

I create the /etc/ipsec.d/nsspassword file and put the following values:

Code:

token_1_ExampleCA:Test1
token_2_ExampleCA:Test2
#########################
NSS Certificate DB:secret
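
Added example, not written by either poster and not taken from the libreswan documentation: a backslash followed by a space in the middle of a line escapes the space, so if the CA command above was entered on one line as shown (an assumption), certutil receives the word " -t" and no -t option, which is consistent with the "trust is required" error. The script also checks that the issuer nickname given to -c exists before issuing a certificate, the condition TrevorH's reply describes; all helper names are hypothetical.

```shell
#!/bin/sh
# Added example. DB path and nicknames are the thread's; helper names are hypothetical.
DB=${DB:-sql:/etc/ipsec.d}

# Succeeds only if FLAG appears as its own word among the remaining arguments.
has_flag() {
    _want=$1; shift
    for _arg in "$@"; do [ "$_arg" = "$_want" ] && return 0; done
    return 1
}

# "\ " in the middle of a line escapes the space: the shell builds the single
# word " -t" (leading space), so the program never sees a -t option.
typed_on_one_line() {
    set -- -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \ -t "CT,C,C" -x -d "$DB"
    has_flag -t "$@"
}

# A backslash as the LAST character of a line is a real line continuation.
typed_with_continuation() {
    set -- -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \
        -t "CT,C,C" -x -d "$DB"
    has_flag -t "$@"
}

# The nickname passed to -c must already exist in the NSS database.
ca_exists() { certutil -L -d "$DB" -n "$1" >/dev/null 2>&1; }

# usage: issue_user_cert CA_NICKNAME USER_NICKNAME SUBJECT
issue_user_cert() {
    if ! ca_exists "$1"; then
        echo "no certificate nicknamed '$1' in $DB; create the CA first" >&2
        return 1
    fi
    certutil -S -k rsa -c "$1" -n "$2" -s "$3" \
        -v 12 -t "u,u,u" -d "$DB"
}

# Tokenization check only; nothing here touches the NSS database.
typed_on_one_line && echo "one line: -t seen" || echo "one line: -t NOT seen"
typed_with_continuation && echo "continuation: -t seen" || echo "continuation: -t NOT seen"
```

issue_user_cert is only defined here, not called; run it as root against the real database once the CA certificate exists.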

Eminent2021
Posts: 29
Joined: 2018/12/03 12:26:41

Re: Libreswan IPSEC with RASSIGKEY

Post by Eminent2021 » 2018/12/28 09:44:46

Please help me

Eminent2021
Posts: 29
Joined: 2018/12/03 12:26:41

Please help ***Libreswan IPSEC with RASSIGKEY***

Post by Eminent2021 » 2018/12/31 17:53:00

Hi folks,
I'd like to create a tunnel between two networks with libreswan that isolate using rsasigkey. I followed these steps:

Code:

# cd /etc/ipsec.d/
# rm -rf *.db
# ipsec initnss
# certutil -W -d sql:/etc/ipsec.d

I create the nsspassword file and write the following values in it:

Code:

token_1_name:the_password
token_2_name:the_password

And then I created the host key:

Code:

# ipsec newhostkey --nssdir /etc/ipsec.d --password Test \ --output /etc/ipsec.secrets

And in order to show the rsasigkey:

Code:

# ipsec showhostkey --list --right --ckaid ==3efrfrewaf2e3bxdehg --password Test

The last step, where I ran into the problem, is creating the certificate authority:

Code:

# certutil -S -k rsa -c "ExampleCA" -n "user1" -s "CN=User Common Name" \ -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

This command asks me for a password. I enter the password, and after the encryption processing is completed it asks me to press the ENTER key, and I encountered the following error:
Image

Any help would be appreciated. Thanks all

TrevorH
Forum Moderator
Posts: 26596
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Libreswan IPSEC with RASSIGKEY

Post by TrevorH » 2018/12/31 22:39:07

Please don't make duplicate posts. I have merged your new thread into the old one. If no-one replies it's because no-one has an answer for you.

Eminent2021
Posts: 29
Joined: 2018/12/03 12:26:41

Re: Libreswan IPSEC with RASSIGKEY

Post by Eminent2021 » 2019/01/01 08:19:42

Have you any idea to solve my problem, please??

Whoever
Posts: 1076
Joined: 2013/09/06 03:12:10

Re: Libreswan IPSEC with RASSIGKEY

Post by Whoever » 2019/01/02 17:24:38

If you have control of both endpoints, use OpenVPN instead.
