IPSec Tunnel - no public key found

Posted by mikesg, 7th September 2009

So on the advice of the people who will probably respond to this thread, I am working on an IPSec tunnel between two OpenBSD 4.3 gateway/firewalls. I'm following the guide "Zero to IPSec in 4 minutes" as well as some of the comments in my first attempt. My current setup:

Network A - ipsec.conf:

Code:
local_ip="1.2.3.4"
local_network="192.168.10.0/24"
remote_ip="5.6.7.8"
remote_network="192.168.111.0/24"
ike esp from { $local_ip $local_network } to { $remote_ip $remote_network } peer $remote_ip
ike esp from $local_ip to $remote_ip

Network B - ipsec.conf:

Code:
local_ip="5.6.7.8"
local_network="192.168.111.0/24"
remote_ip="1.2.3.4"
remote_network="192.168.10.0/24"
ike passive esp from { $local_ip $local_network } to { $remote_ip $remote_network } peer $remote_ip
ike passive esp from $local_ip to $remote_ip

I generated the local.pub on each machine with the following command:

Code:
openssl rsa -out /etc/isakmpd/private/local.pub -in /etc/isakmpd/private/local.key -pubout

I copied the contents of the local.pub file on each machine to the opposite machine, into /etc/isakmpd/pubkeys/ipv4/1.2.3.4 (and 5.6.7.8 on the other computer), without the .pub extension.

I've added/changed the following in pf.conf on each machine:

Code:
set skip on { lo enc0 }
pass quick on $ext_if from 1.2.3.4    # 5.6.7.8 on the opposite machine

When I run isakmpd -K -d, then ipsecctl -f ipsec.conf, the tunnel doesn't open, and I get this:

Code:
201343.935936 Default get_raw_key_from_file: failed to get public key /etc/isakmpd/pubkeys//ipv4/5.6.7.8
201343.936385 Default rsa_sig_decode_hash: no public key found
201343.936525 Default dropped message from 5.6.7.8 port 500 due to notification type INVALID_ID_INFORMATION

Why am I having key problems? Even with -v on isakmpd I see no additional information that can help me.
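A pre-flight check for the key layout described in the post, as an added example that is not part of the original post. The log shows isakmpd looking for pubkeys/ipv4/ followed by the address of the host that sent the message, so the script checks for a file under the peer's address, checks that it carries the header `openssl rsa -pubout` writes, and checks that it is not a copy of this host's own local.pub. The function names and the demo tree are hypothetical, and the key bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example; check_peer_pubkey and make_demo_tree are hypothetical names.
# check_peer_pubkey DIR PEER_IP LOCAL_IP LOCAL_PUB
#   DIR       public key directory (/etc/isakmpd/pubkeys in the post)
#   PEER_IP   remote gateway address, as printed in the isakmpd log
#   LOCAL_IP  this gateway's own address
#   LOCAL_PUB this gateway's own public key (local.pub)
# Returns 0 ok, 1 no key file for the peer, 2 not a PEM public key,
# 3 the file holds this host's own key.
check_peer_pubkey() {
    dir=$1; peer=$2; self=$3; local_pub=$4
    f="$dir/ipv4/$peer"
    if [ ! -r "$f" ]; then
        echo "no readable key file $f"
        if [ -e "$dir/ipv4/$self" ]; then
            echo "$dir/ipv4/$self is named after this host, not the peer"
        fi
        return 1
    fi
    # 'openssl rsa -pubout' writes this header; anything else (for example
    # a copied private key) is not what the command in the post produces.
    first=$(head -n 1 "$f" | tr -d '\r')
    if [ "$first" != "-----BEGIN PUBLIC KEY-----" ]; then
        echo "$f does not start with a PEM public key header"
        return 2
    fi
    if [ -r "$local_pub" ] && cmp -s "$f" "$local_pub"; then
        echo "$f is a copy of this host's own local.pub"
        return 3
    fi
    echo "$f looks like the peer's public key"
    return 0
}

# Constructed layout for gateway 1.2.3.4 with the peer key saved under the
# gateway's own address. Key bodies are placeholders, not real keys.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/pubkeys/ipv4" "$t/private"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'CONSTRUCTED-LOCAL' \
        '-----END PUBLIC KEY-----' > "$t/private/local.pub"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'CONSTRUCTED-PEER' \
        '-----END PUBLIC KEY-----' > "$t/pubkeys/ipv4/1.2.3.4"
    echo "$t"
}
```

On the gateway at 1.2.3.4 the call would be `check_peer_pubkey /etc/isakmpd/pubkeys 5.6.7.8 1.2.3.4 /etc/isakmpd/private/local.pub`.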
 
