Koozali.org: home of the SME Server

freeswan problems

Rory

freeswan problems
« on: July 07, 2002, 01:35:24 AM »
Hi,

I followed the seemingly simple howto for freeswan on sme.  However, when I reach the step of viewing my public encryption key so as to copy and transfer it to the other vpn terminus, I find that there is no public encryption key to be copied?

This is what it says on my screen:

"""""Public encryption key for this server
The public encryption key must be copied in its entirety for use in the setup of the gateway server at the other end of the IPSEC VPN.

Public encryption key:


Click here to return to the main IPSEC VPN screen."""""

The "Public encryption key" is not hyperlinked or anything.  And there is nothing there?

What should I do here?

Rory

Rorry

Re: freeswan problems--followup
« Reply #1 on: July 07, 2002, 07:14:09 AM »
To diagnose,

I formatted, reinstalled 5.1 in rpm'd freeswan and the public encryption key showed up just like it is supposed to.  Then I upgraded to 5.5 and I went first thing to check if the key still showed up and it doesn't.

So I am getting from this that the freeswan contrib at http://myezserver.com/downloads/mitel/contrib/
is not compatible with 5.5.

Can anyone confirm this?

Rory

Steve

Re: freeswan problems
« Reply #2 on: July 07, 2002, 10:46:46 AM »
I'm having similar problems.

I installed 5.5 on two new (to me) computers.  I then installed the freeswan RPM contribution at http://myezserver.com/downloads/mitel/contrib/.  After the install I checked the freeswan version as called for in the howto.  It was version 1.97 which didn't match either of the two referenced versions.  I decided to install the _updown associated with version 1.91.  At this point I tried to use the server-manager to view the public keys but both servers displayed empty fields.  Without the keys, I was unable to continue with the setup.

I repeated the SME install on both computers using 5.1.2 instead of 5.5 and also installed the freeswan RPM.  This time the installed freeswan version was 1.91 and the public key was viewable on both servers.  I completed the freeswan setup and successfully created a network-to-network VPN between the two servers.

I tried to chase down the problem but I'm new to Linux and e-smith.  I looked at the differences in the original _upload examples delivered with freeswan 1.91 and 1.97 and saw nothing that would prevent a public key from being created or found.  It makes me think that the problem must be related to a different directory structure or file format.  I wish I knew more.

Steve

Rory

Re: freeswan problems
« Reply #3 on: July 07, 2002, 10:44:43 PM »
I second or third all of that.

In addition, I went to the freeswan.org web site and checked out their documentation.  The RSA publicly shared key is supposed to be in the file called "ipsec.secrets".  This file exists on e-smith, but the place where the key should be is empty.  WTF?

One last thing: I would like to know if anyone has got it working on 5.1, and then upgraded to 5.5?  For these people, does the upgrade break the vpn?  I know that it will make the key invisible.

RORY
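
Added example, not part of the thread or of the freeswan contrib: a shell check that tells an empty RSA section in ipsec.secrets (the symptom described in the post above) apart from a populated one, without printing any key material. It assumes the section layout written by FreeS/WAN's key generator (a `: RSA {` block holding a `#pubkey=` comment and a `Modulus:` field); the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the RSA host-key section of a
# FreeS/WAN-style ipsec.secrets file without ever printing key material.
# Result is one of: missing | empty | no-pubkey | ok
check_rsa_block() {
    file=$1
    # Unreadable or absent file: nothing to inspect.
    [ -r "$file" ] || { echo missing; return 0; }
    awk '
        # Start of a ": RSA {" section (optionally preceded by host indices).
        /^[^#]*:[ \t]*RSA[ \t]*[{]/ { inblk = 1; seen = 1; next }
        inblk && /^[ \t]*[}]/ { inblk = 0; next }
        # The public half is carried as a "#pubkey=..." comment in the section.
        inblk && /^[ \t]*#[ \t]*pubkey=[^ \t]+/ { pub = 1 }
        # Assumption: a generated key section always carries a Modulus field.
        inblk && /^[ \t]*Modulus:[ \t]*0x[0-9a-fA-F]+/ { mod = 1 }
        END {
            if (!seen) print "missing"
            else if (!mod) print "empty"
            else if (!pub) print "no-pubkey"
            else print "ok"
        }' "$file"
}

# Constructed samples: one section left empty by a failed key generation,
# one populated section with placeholder values.
demo_dir=$(mktemp -d)
printf ': RSA\t{\n\t}\n' > "$demo_dir/empty.secrets"
printf ': RSA\t{\n\t#pubkey=0sCONSTRUCTED\n\tModulus: 0xabc123\n\t}\n' > "$demo_dir/ok.secrets"
echo "empty sample: $(check_rsa_block "$demo_dir/empty.secrets")"
echo "good sample:  $(check_rsa_block "$demo_dir/ok.secrets")"
rm -rf "$demo_dir"
```

Run as root against the server's own ipsec.secrets; a result of `empty` or `missing` means the key-generation step in the template produced nothing, which is why the server-manager panel has nothing to display.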

Randy Brown

Re: freeswan problems
« Reply #4 on: July 08, 2002, 12:13:26 AM »
the upgrade will break your vpn/ipsec/freeswan.  we will have to wait for an update for freeswan or hack it yourself.  : {( bummer i know

Steve Robinson

Re: freeswan problems
« Reply #5 on: July 08, 2002, 08:49:03 AM »
The template file /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey is using "rsasigkey" to generate the new key.  This is the command called for in the configuration section of freeswan 1.91 documentation.  However, 1.95 documentation says that the new key should be generated with "newhostkey".  I could not find 1.97 documentation but I'm betting that the key generation command is not "rsasigkey".  I did not look to see if "rsasigkey" and "newhostkey" require different arguments.

I no longer have access to a test machine.  I'm hoping that someone else can make changes to the script and test.  If so, please post your findings.

Steve Bush

Re: freeswan problems
« Reply #6 on: July 22, 2002, 09:31:17 AM »
The good news is that Freeswan works on 5.5 with a bit of work.
There are several items that need to be modified to get it working, one of which is the 10RSAKey file needs to point to the new freeswan directory.
See the following devinfo post for directory locations:
http://www.mail-archive.com/devinfo@lists.e-smith.org/msg09405.html

There is also a bug/feature change in SME5.5 for setting a local network.  The workaround is posted in the bugs section of e-smith.org.

The example _updown file must be moved to the new freeswan directory,
see the above devinfo post.

Compression must be disabled in the _updown file.

I've had one SME 5.5 server communicating with several SME 5.1.2 servers now for weeks.
The same amount of time that I've promised Darrell that I would redo the How-To :(

SalaTar

Re: freeswan problems
« Reply #7 on: July 28, 2002, 11:23:06 PM »
Still no go. Is there an update to this issue?