ikectl error
Hi,
I have been trying to play around with IPsec to set up a VPN. According to the site that I was following [0] (and also the man page), the first step is to create the CA using ikectl(8). Code:

    ikectl ca vpn create

Also checking the source-changes, the last time that bss_file.c was changed was on the 11th Nov 2014, although I am not sure if that means much. Not really sure how to further troubleshoot this? Code:

    doas ikectl ca vpn create
    CA passphrase:
    Retype CA passphrase:
    Generating RSA private key, 2048 bit long modulus
    ........+++
    ..................+++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [FR]:
    State or Province Name (full name) [NA]:
    Locality Name (eg, city) [NA]:
    Organization Name (eg, company) [OpenBSD]:
    Organizational Unit Name (eg, section) [iked]:
    Common Name (eg, fully qualified host name) []:example.com
    Email Address [e@mail.com]:
    Signature ok
    subject=/C=FR/ST=NA/L=NA/O=OpenBSD/OU=iked/CN=example.com/emailAddress=e@mail.com
    Getting Private key
    Using configuration from /etc/ssl/ikeca.cnf
    index.txt: No such file or directory
    unable to open 'index.txt'
    30523591434116:error:02001002:system library:fopen:No such file or directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt', 'r')
    30523591434116:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:

In the /etc/ssl/vpn directory, there is an index.txt file that is created, although it has 0 size.

[0]: http://www.mouedine.net/

Last edited by mlesniewskister; 27th July 2015 at 12:36 AM. Reason: Missed a little info
Sorry, I should've also mentioned that the version of the file that they have posted has OpenBSD tags from 2010 so I actually used the latest version of ikeca.cnf from my /usr/src which is "cvs up"d to current also and then adjusted it to my needs.
So it is actually the newest file with last modification of: Code:

    # $OpenBSD: ikeca.cnf,v 1.6 2014/11/22 18:15:41 deraadt Exp $
I just attempted to recreate a CA.
From my perspective, the ikectl(8) man page appears incomplete as there are additional provisioning steps required that are not mentioned. I am not clear on what the reparation should be. Should the ikeca.cnf file in the source tree be mentioned in the man page? Should the file be included in the OS? If so, should it be revised to be less reyk@ specific and more general, or should it be more clearly shown to contain sample information to be replaced? Should an empty index.txt file be included in the distribution? These are questions really for reyk@ and the other iked(8) developers.
Thanks very much, I didn't even think to touch index.txt. You are right, it now proceeds successfully.
Well, with what you have mentioned, that in your opinion the documentation is incorrect, and I know that OpenBSD prides itself on having correct docs, I will try to run through the rest of the setup so that I can see if there are other areas/steps that are in need of changes and will send reyk@ a message with my findings and the information you have given to see what he says.
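
The error output earlier in the thread shows fopen('index.txt', 'r') called with a relative name, which is resolved against the working directory of the process that opens it. The sketch below is an added example, not code from the thread or from OpenBSD: it reads the `database` setting from an OpenSSL-style CA config and reports whether that file exists when resolved from a given directory. The function names and the sample config are constructed for illustration, and only a leading `$dir/` reference is expanded.

```shell
#!/bin/sh
# Added example (not from the thread). Preflight for the index file that
# `openssl ca` opens: read "database" from a CA config, resolve it the way
# fopen() would from a given working directory, and report if it is missing.

conf_value() {  # $1 = config file, $2 = key -> first value, comment stripped
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

ca_database_path() {  # $1 = config file, $2 = working directory
    db=$(conf_value "$1" database)
    [ -n "$db" ] || return 2
    # Simplification: only a leading "$dir/" reference is expanded.
    case "$db" in
        '$dir'/*) db="$(conf_value "$1" dir)/${db#*/}" ;;
    esac
    case "$db" in
        /*) printf '%s\n' "$db" ;;        # absolute: cwd is irrelevant
        *)  printf '%s\n' "$2/$db" ;;     # relative: depends on cwd
    esac
}

check_ca_database() {  # returns 0 if present, 1 if missing, 2 if unset
    path=$(ca_database_path "$1" "$2") || { echo "no database key in $1"; return 2; }
    if [ -f "$path" ]; then echo "ok: $path"; return 0; fi
    echo "missing: $path (create it empty before signing)"; return 1
}

demo() {  # constructed config and directories, not the real ikeca.cnf
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/ca" "$tmp/elsewhere"
    printf '[ CA_default ]\ndatabase = index.txt  # relative path\n' > "$tmp/ca.cnf"
    : > "$tmp/ca/index.txt"               # empty index file, as in the thread
    check_ca_database "$tmp/ca.cnf" "$tmp/elsewhere" || true   # missing: wrong cwd
    check_ca_database "$tmp/ca.cnf" "$tmp/ca"                  # ok
    rm -rf "$tmp"
}
demo
```
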