Libreswan IPSEC with RASSIGKEY

Posted: 2018/12/26 14:37:01
by Eminent2021
I'd like to create a tunnel between two networks with libreswan that isolate using rsasigkey. I followed these steps:

Code:

# cd /etc/ipsec.d/
# rm -rf *.db
# ipsec initnss
# certutil -W -d sql:/etc/ipsec.d

I created the nsspassword file and wrote the following values in it:

Code:

token_1_name:the_password
token_2_name:the_password

And then I created the host key:

Code:

# ipsec newhostkey --nssdir /etc/ipsec.d --password Test \ --output /etc/ipsec.secrets

And in order to show the rsasigkey:

Code:

# ipsec showhostkey --list --right --ckaid ==3efrfrewaf2e3bxdehg --password Test

The last step, where I ran into the problem, is creating the certificate authority:

Code:

# certutil -S -k rsa -c "ExampleCA" -n "user1" -s "CN=User Common Name" \ -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

This command asks me for a password. I enter the password, and after the encryption processing is completed it asks me to press the ENTER key, and I encountered the following error:
Image
Any help would be appreciated. Thanks

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2018/12/26 15:04:51
by TrevorH
Did you previously create a CA (Certificate Authority) certificate? If you did, then did you call it "ExampleCA"? If not, then you need to change the ExampleCA in your current command to the name you actually gave it. If you didn't create one, then you need one.

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2018/12/27 11:30:34
by Eminent2021
No, I haven't created any certificate before. When I run the following command:

Code:

certutil -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \ -t "CT,C,C" -x -d sql:/etc/ipsec.d

Then I get this error:

Code:

certutil -S: trust is required for this command (-t).

I created the /etc/ipsec.d/nsspassword file and put the following values:

Code:

token_1_ExampleCA:Test1
token_2_ExampleCA:Test2
#########################
NSS Certificate DB:secret
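
Added example, not part of the thread: if the certutil command in the post above was entered on one line as displayed, the shell reads `\ ` as an escaped space and passes the word ` -t` (with a leading space) instead of the option `-t`, which would fit the "trust is required" message. Whether it was typed that way is an assumption; `argv_has` and `lint_backslash` are hypothetical helper names, and certutil itself is never run.

```shell
#!/bin/sh
# Added illustration: how the shell splits the certutil command from the post.
# certutil is not invoked; argv_has only inspects the words the shell produces.

# argv_has FLAG WORD...: succeed if FLAG appears as its own word among WORD...
argv_has() {
    flag=$1; shift
    for word in "$@"; do
        [ "$word" = "$flag" ] && return 0
    done
    return 1
}

# One-line form as displayed in the post: "\ " is an escaped space, so the
# shell produces the single word " -t" and the option -t is never seen.
one_line_has_t() {
    argv_has -t -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \ -t "CT,C,C" -x -d sql:/etc/ipsec.d
}

# Two-line form: the backslash is the last character on its line, so it is a
# line continuation and -t arrives as a normal option.
two_line_has_t() {
    argv_has -t -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 12 \
        -t "CT,C,C" -x -d sql:/etc/ipsec.d
}

# lint_backslash TEXT: succeed (printing the line) when a backslash is followed
# by blanks and more text on the same line, i.e. a collapsed continuation.
lint_backslash() {
    printf '%s\n' "$1" | grep -n '\\[[:space:]][[:space:]]*[^[:space:]]'
}

if one_line_has_t; then echo "one-line: -t seen"; else echo "one-line: -t missing"; fi
if two_line_has_t; then echo "two-line: -t seen"; else echo "two-line: -t missing"; fi
```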

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2018/12/28 09:44:46
by Eminent2021
Please help me

Please help ***Libreswan IPSEC with RASSIGKEY***

Posted: 2018/12/31 17:53:00
by Eminent2021
Hi folks,
I'd like to create a tunnel between two networks with libreswan that isolate using rsasigkey. I followed these steps:

Code:

# cd /etc/ipsec.d/
# rm -rf *.db
# ipsec initnss
# certutil -W -d sql:/etc/ipsec.d

I created the nsspassword file and wrote the following values in it:

Code:

token_1_name:the_password
token_2_name:the_password

And then I created the host key:

Code:

# ipsec newhostkey --nssdir /etc/ipsec.d --password Test \ --output /etc/ipsec.secrets

And in order to show the rsasigkey:

Code:

# ipsec showhostkey --list --right --ckaid ==3efrfrewaf2e3bxdehg --password Test

The last step, where I ran into the problem, is creating the certificate authority:

Code:

# certutil -S -k rsa -c "ExampleCA" -n "user1" -s "CN=User Common Name" \ -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

This command asks me for a password. I enter the password, and after the encryption processing is completed it asks me to press the ENTER key, and I encountered the following error:
Image

Any help would be appreciated. Thanks all

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2018/12/31 22:39:07
by TrevorH
Please don't make duplicate posts. I have merged your new thread into the old one. If no-one replies it's because no-one has an answer for you.

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2019/01/01 08:19:42
by Eminent2021
Have you any idea how to solve my problem, please?

Re: Libreswan IPSEC with RASSIGKEY

Posted: 2019/01/02 17:24:38
by Whoever
If you have control of both endpoints, use OpenVPN instead.