02-11-2003
My real problem is that the Linux gateway is using a "pre-shared ke", while the xBSD gateway is asking different keys with different encryption styles: encryption key and auth key. That i did not figure out: why BSD needs different keys and FreeSWAN/ipsec does not, or how can a BSD gateway talk to a FreeSWAN/Linux gateway with PSK?
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I'm facing a problem interpreting the shared memory key on an AIX machine.
(1) I go to a property file and I see the following:
shm_key = "119112066"
(2) So I now go the command prompt and do this:
ipcs -m | grep 119112066
And, I do not find it. So what I do is to run the... (2 Replies)
Discussion started by: vijaygade
2 Replies
2. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
3. Solaris
Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks.
... (1 Reply)
Discussion started by: aixlover
1 Replies
4. Cybersecurity
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Discussion started by: elinaz
0 Replies
5. Programming
Hello.
I am new to this forum and I would like to ask for advice about low level POSIX programming.
I have to implement a POSIX compliant C shared library.
A file will have some variables and the shared library will have some functions which need those variables.
There is one special... (5 Replies)
Discussion started by: iamjag
5 Replies
6. IP Networking
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
7. IP Networking
Hi @all,
I try to connect 2 LANs with IPSec/Openswan
LAN 1: 192.168.0.0/24
LAN 2: 192.168.1.0/24
This is my Config:
conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies
8. IP Networking
We are using cyberoam device, VPN IPSEC tunnel is going of frequently even the traffic is throug.
Please suggest what may be the cause for the above mentioned issue.
Also suggest a best tool to monitor the same VPN IPSEC tunnel connectivity. (4 Replies)
Discussion started by: marunmeera
4 Replies
LEARN ABOUT CENTOS
ipsec_newhostkey
IPSEC_RANBITS(8) Executable programs IPSEC_RANBITS(8)
NAME
ipsec_newhostkey - generate a new raw RSA authentication key for a host
SYNOPSIS
ipsec newhostkey [[--configdirnssdbdir] | [--password password]] [[--quiet] | [--verbose]] [--bits bits] [--random device]
[--hostname hostname] [--output filename]
DESCRIPTION
newhostkey outputs (into filename, which can be '-' for standard output) an RSA private key suitable for this host, in /etc/ipsec.secrets
format (see ipsec.secrets(5)) using the --quiet option per default.
The --output option is mandatory. The specified filename is created under umask 077 if nonexistent; if it already exists and is non-empty,
a warning message about that is sent to standard error, and the output is appended to the file.
The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.
When compiled with NSS support (the default), --configdir specifies the nss configuration directory where the certificate key, and modsec
databases reside. There is no default value, though /etc/ipsec.d might be sensible choice.
When compiled with NSS support (the default), --password specifies a module authentication password that may be required if FIPS mode is
enabled
The --bits option specifies the number of bits in the RSA key; the current default is a random (multiple of 16) value between 3072 and
4096. The minimum allowed is 2172.
The --random is used to specify the random device (default /dev/random used to seed the crypto library RNG.
The --hostname option is passed through to rsasigkey to tell it what host name to label the output with (via its --hostname option).
The output format is that of rsasigkey, with bracketing added to complete the ipsec.secrets format. In the usual case, where ipsec.secrets
contains only the hostas own private key, the output of newhostkey is sufficient as a complete ipsec.secrets file.
FILES
/dev/random, /dev/urandom
SEE ALSO
ipsec_rsasigkey(8), ipsec.secrets(5)
HISTORY
Originally written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters
BUGS
As with rsasigkey, the run time is difficult to predict, since depletion of the systemas randomness pool can cause arbitrarily long waits
for random bits, and the prime-number searches can also take unpre dictable (and potentially large) amounts of CPU time. See
ipsec_rsasigkey(8) .
A higher-level tool which could handle the clerical details of changing to a new key would be helpful.
AUTHOR
Paul Wouters
placeholder to suppress warning
libreswan 09/06/2013 IPSEC_RANBITS(8)