7th September 2009
mikesg
IPSec Tunnel - no public key found

So on the advice of the people who will probably respond to this thread, I am working on an IPSec tunnel between two OpenBSD 4.3 gateway/firewalls. I'm following the guide "Zero to IPSec in 4 minutes" as well as some of the comments in my first attempt. My current setup:

Network A - ipsec.conf:
Code:
local_ip="1.2.3.4"
local_network="192.168.10.0/24"
remote_ip="5.6.7.8"
remote_network="192.168.111.0/24"
ike esp from { $local_ip $local_network } to { $remote_ip $remote_network } peer $remote_ip
ike esp from $local_ip to $remote_ip
Network B - ipsec.conf:
Code:
local_ip="5.6.7.8"
local_network="192.168.111.0/24"
remote_ip="1.2.3.4"
remote_network="192.168.10.0/24"
ike passive esp from { $local_ip $local_network } to { $remote_ip $remote_network } peer $remote_ip
ike passive esp from $local_ip to $remote_ip
I generated the local.pub on each machine with the following command:
Code:
openssl rsa -out /etc/isakmpd/private/local.pub -in /etc/isakmpd/private/local.key -pubout
I copied the contents of the local.pub file on each machine to the opposite machine, into /etc/isakmpd/pubkeys/ipv4/1.2.3.4 (& 5.6.7.8 on the other computer), without the .pub extension.

I've added/changed the following to pf.conf on each machine:
Code:
set skip on { lo enc0 }
pass quick on $ext_if from 1.2.3.4 (& 5.6.7.8 on the opposite)
When I run isakmpd -K -d, then ipsecctl -f ipsec.conf, the tunnel doesn't open, and I get this:
Code:
201343.935936 Default get_raw_key_from_file: failed to get public key /etc/isakmpd/pubkeys//ipv4/5.6.7.8
201343.936385 Default rsa_sig_decode_hash: no public key found
201343.936525 Default dropped message from 5.6.7.8 port 500 due to notification type INVALID_ID_INFORMATION
Why am I having key problems? Even with -v on isakmpd I see no additional information that can help me.
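Added example, not part of mikesg's post: a small Python checker that pulls the `peer` addresses out of an ipsec.conf like the ones above and verifies that the file isakmpd will look for, /etc/isakmpd/pubkeys/ipv4/<peer>, is present and holds the "BEGIN PUBLIC KEY" PEM that `openssl rsa -pubout` writes. The config text is a copy of the Network A file; the key body is a constructed stand-in, not a real key, and the function names are assumptions of this example.

```python
import base64
import re

PUBKEY_DIR = "/etc/isakmpd/pubkeys/ipv4"         # where isakmpd looks up a peer's key by IP
RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption OID, present in every RSA SPKI

# Constructed copy of the Network A ipsec.conf from the post.
SAMPLE_CONF = '''local_ip="1.2.3.4"
local_network="192.168.10.0/24"
remote_ip="5.6.7.8"
remote_network="192.168.111.0/24"
ike esp from { $local_ip $local_network } to { $remote_ip $remote_network } peer $remote_ip
ike esp from $local_ip to $remote_ip
'''
# Constructed stand-in key: a DER SEQUENCE holding only the rsaEncryption AlgorithmIdentifier.
SAMPLE_PEM = b"-----BEGIN PUBLIC KEY-----\nMA8wDQYJKoZIhvcNAQEBBQA=\n-----END PUBLIC KEY-----\n"

def expand_macros(conf):
    """Resolve name="value" macros and the $name references that use them."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"?([^"\n]+?)"?\s*$', conf, re.M))
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), conf)

def peers_from_conf(conf):
    """Sorted peer IPs named by 'ike ... peer <ip>' rules; each needs a pubkey file."""
    return sorted(set(re.findall(r"\bpeer\s+(\d+\.\d+\.\d+\.\d+)", expand_macros(conf))))

def check_pem_pubkey(data):
    """None if data is the 'BEGIN PUBLIC KEY' PEM that 'openssl rsa -pubout' writes, else a
    short reason. Format sanity check only, not a full DER parse."""
    text = data.decode("ascii", errors="replace")
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", text, re.S)
    if not m:
        return "no 'BEGIN PUBLIC KEY' block (private key or wrong file copied?)"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return "base64 body is corrupt (truncated or mangled paste?)"
    if not der.startswith(b"\x30") or RSA_OID not in der:
        return "decoded DER is not an rsaEncryption SubjectPublicKeyInfo"
    return None

def check_peer_keys(conf, files):
    """files maps absolute path -> bytes (read from disk, or constructed for a test).
    Returns {peer_ip: None | problem} for every peer the config names."""
    report = {}
    for peer in peers_from_conf(conf):
        path = f"{PUBKEY_DIR}/{peer}"  # no .pub suffix, exactly the path in the log line
        report[peer] = (check_pem_pubkey(files[path]) if path in files
                        else f"missing {path} (the get_raw_key_from_file failure above)")
    return report
```

On a gateway, build `files` from the contents of /etc/isakmpd/pubkeys/ipv4 and pass the text of /etc/ipsec.conf to `check_peer_keys`; running it on both sides shows whether each peer's key landed under the right name and in the expected format.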