vpn problem

From: J. Erik Heinz <list(at)jerik.de>
Date: Mon, 2 Jan 2006 01:12:37 +0100

Hi,

I hope you all had a good start into the new year!

I am currently trying to set up a VPN on my FreeBSD 5.4 machine.
I followed this tutorial:
http://www.pronix.de/pronix-936.html

But as so often, it won't do what I want...
The problem seems to be that I cannot create usable SSL keys.

When I test the keys created with

        /usr/bin/openssl genrsa -aes256 -out \
        /usr/local/openssl/private/vpn-cakey.pem 2048

and

        /usr/bin/openssl req -new -newkey rsa:1024 -out \
        /usr/local/openssl/certs/erik-preCert.pem -nodes -keyout \
        /usr/local/openssl/private/erik-key.pem -days 3650

I get the following result:

/usr/local/sbin/openvpn --test-crypto --secret
/usr/local/openssl/private/vpn-cakey.pem
Mon Jan 2 00:52:37 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL]
[LZO] built on Jan 1 2006
Mon Jan 2 00:52:37 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL]
[LZO] built on Jan 1 2006
Mon Jan 2 00:52:37 2006 Insufficient key material or header text not
found found in file '/usr/local/openssl/private/vpn-cakey.pem'
(0/128/256 bytes found/min/max)
Mon Jan 2 00:52:37 2006 Exiting

I have the following ports installed:
openssl-0.9.8a SSL and crypto library
openvpn-2.0.5_1 Secure IP/Ethernet tunnel daemon

Does anyone have an idea what could be causing this?

Below is a script output with more information:
-----------------------------------------------

Script started on Mon Jan 2 00:51:32 2006
root(at)develop# cd /usr/local/openssl/
root(at)develop# ls -l
total 8
drwxr-xr-x 2 root wheel 512 2 Jan 00:47 certs
drwxr-xr-x 2 root wheel 512 1 Jan 19:00 crl
-rw-r--r-- 1 root wheel 0 2 Jan 00:51 index.txt
drwx------ 2 root wheel 512 2 Jan 00:49 private
-rw-r--r-- 1 root wheel 3 2 Jan 00:51 serial
/usr/bin/openssl genrsa -aes256 -out /usr/local/openssl/private/vpn-cakey.pem 2048
Generating RSA private key, 2048 bit long modulus
..............................................................................................................................+++
...+++
e is 65537 (0x10001)
Enter pass phrase for /usr/local/openssl/private/vpn-cakey.pem:
Verifying - Enter pass phrase for /usr/local/openssl/private/vpn-cakey.pem:
/usr/bin/openssl req -new -x509 -days 3650 -key /usr/local/openssl/private/vpn-cakey.pem -out /usr/local/openssl/vpn-cacert.pem -set_serial 1
Enter pass phrase for /usr/local/openssl/private/vpn-cakey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:de
State or Province Name (full name) [Some-State]:hessen
Locality Name (eg, city) []:frankfurt
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:testjerik
Common Name (eg, YOUR name) []:jerk
Email Address []:test(at)test.de
/usr/local/sbin/openvpn --test-crypto --secret /usr/local/openssl/private/vpn-cakey.pem
Mon Jan 2 00:52:37 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL] [LZO] built on Jan 1 2006
Mon Jan 2 00:52:37 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL] [LZO] built on Jan 1 2006
Mon Jan 2 00:52:37 2006 Insufficient key material or header text not found found in file '/usr/local/openssl/private/vpn-cakey.pem' (0/128/256 bytes found/min/max)
Mon Jan 2 00:52:37 2006 Exiting
root(at)develop# ls -l
total 10
drwxr-xr-x 2 root wheel 512 2 Jan 00:47 certs
drwxr-xr-x 2 root wheel 512 1 Jan 19:00 crl
-rw-r--r-- 1 root wheel 0 2 Jan 00:51 index.txt
drwx------ 2 root wheel 512 2 Jan 00:51 private
-rw-r--r-- 1 root wheel 3 2 Jan 00:51 serial
-rw-r--r-- 1 root wheel 1578 2 Jan 00:52 vpn-cacert.pem
root(at)develop# ls -l private/
total 2
-rw-r--r-- 1 root wheel 1766 2 Jan 00:52 vpn-cakey.pem
root(at)develop# ls -l certs/
total 0
root(at)develop# cat index.txt
root(at)develop# cat serial
01
/usr/bin/openssl req -new -newkey rsa:1024 -out /usr/local/openssl/certs/erik-preCert.pem -nodes -keyout /usr/local/openssl/private/erik-key.pem -days 3650
Generating a 1024 bit RSA private key
....................++++++
...........................++++++
writing new private key to '/usr/local/openssl/private/erik-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:de
State or Province Name (full name) [Some-State]:hessen
Locality Name (eg, city) []:frankfurt
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testets
Organizational Unit Name (eg, section) []:testes
Common Name (eg, YOUR name) []:testjeirk
Email Address []:test(at)testse.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
/usr/bin/openssl x509 -req -in /usr/local/openssl/certs/erik-preCert.pem -out /usr/local/openssl/certs/erik-cert.pem -CA /usr/local/openssl/vpn-cacert.pem -CAkey /usr/local/openssl/private/vpn-cakey.pem -CAserial serial -days 3650
Signature ok
subject=/C=de/ST=hessen/L=frankfurt/O=testets/OU=testes/CN=testjeirk/emailAddress=test(at)testse.de
Getting CA Private Key
Enter pass phrase for /usr/local/openssl/private/vpn-cakey.pem:
/usr/local/sbin/openvpn --test-crypto --secret /usr/local/openssl/private/erik-key.pem
Mon Jan 2 00:54:14 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL] [LZO] built on Jan 1 2006
Mon Jan 2 00:54:14 2006 OpenVPN 2.0.5 i386-portbld-freebsd5.4 [SSL] [LZO] built on Jan 1 2006
Mon Jan 2 00:54:14 2006 Insufficient key material or header text not found found in file '/usr/local/openssl/private/erik-key.pem' (0/128/256 bytes found/min/max)
Mon Jan 2 00:54:14 2006 Exiting
root(at)develop# pkg_info | grep open
libltdl-1.5.22 System independent dlopen wrapper
open-motif-2.2.3_2 Motif X11 Toolkit (industry standard GUI (IEEE 1295))
openldap-client-2.2.30 Open source LDAP client implementation
openslp-1.2.1_1 Open-source implementation of the Service Location Protocol
openssl-0.9.8a SSL and crypto library
openvpn-2.0.5_1 Secure IP/Ethernet tunnel daemon
pango-1.10.2 An open-source framework for the layout and rendering of i1
php5-openssl-5.0.4_2 The openssl shared extension for php
postgresql-server-8.0.5_1 The most advanced open-source database available anywhere
speex-1.0.5,1 An open-source patent-free voice codec
root(at)develop# exit
exit

Script done on Mon Jan 2 00:54:36 2006
-----------------------------------------------

Regards, Erik

-- 
J. Erik Heinz
Keyboard-samuraing in process
:: All non-mailinglist mail to this email address will be deleted.
OpenBC: https://www.openbc.com/hp/JErik_Heinz
Received on Mon 02 Jan 2006 - 01:16:40 CET
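Added example (editor's code, not part of Erik's mail or of the pronix tutorial it cites): a POSIX shell checker that tells the file types in the script output apart by the header markers OpenSSL and OpenVPN write, and measures the key material in an OpenVPN static key file. The `--test-crypto --secret` error above reports "header text not found" and "0/128/256 bytes found/min/max"; the check below looks for the static-key header text that `openvpn --secret` expects and reports the byte count the same way. The sample files it creates are constructed placeholders (no real keys or certificates), and it assumes `mktemp`, `sed`, `grep`, `tr` and `awk` are available.

```shell
#!/bin/sh
# Added example (not from the mail or the tutorial it cites).
# Classifies a key file by the header markers OpenVPN and OpenSSL write,
# and measures the key material in an OpenVPN static key file.

# classify_keyfile FILE
# Prints one of: openvpn-static, pem-rsa-key-encrypted, pem-rsa-key-plain,
# pem-cert, unknown.  Only header lines are inspected; nothing is decoded.
classify_keyfile() {
    f="$1"
    if grep -q -- '-----BEGIN OpenVPN Static key V1-----' "$f"; then
        echo openvpn-static          # the header 'openvpn --secret' looks for
    elif grep -q -- '-----BEGIN RSA PRIVATE KEY-----' "$f"; then
        # 'openssl genrsa -aes256' adds a Proc-Type header to an encrypted key
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo pem-rsa-key-encrypted
        else
            echo pem-rsa-key-plain
        fi
    elif grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo pem-cert
    else
        echo unknown
    fi
}

# static_key_bytes FILE
# Counts the bytes of hex key material between the static-key markers
# (hex digits / 2).  A PEM file has no such section, so it reports 0, which
# matches the "0 bytes found" figure in the --test-crypto error above.
static_key_bytes() {
    hex=$(sed -n '/-----BEGIN OpenVPN Static key V1-----/,/-----END OpenVPN Static key V1-----/p' "$1" \
          | grep -v -- '-----' | tr -d ' \t\r\n')
    echo $(( ${#hex} / 2 ))
}

# make_constructed_samples DIR
# Writes placeholder files in the formats seen above.  The contents are
# constructed for this example and are NOT real keys or certificates.
make_constructed_samples() {
    d="$1"
    # static.key: the layout of 'openvpn --genkey --secret' output,
    # 16 lines of 32 hex digits = 256 bytes of (fake) key material
    {
        printf '#\n# 2048 bit OpenVPN static key (constructed placeholder)\n#\n'
        echo '-----BEGIN OpenVPN Static key V1-----'
        awk 'BEGIN { for (i = 0; i < 16; i++) { s = "";
                       for (j = 0; j < 16; j++) s = s sprintf("%02x", (i * 16 + j) % 256);
                       print s } }'
        echo '-----END OpenVPN Static key V1-----'
    } > "$d/static.key"
    # cakey.pem: traditional PEM layout of a passphrase-protected RSA key
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' \
        '' 'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' \
        '-----END RSA PRIVATE KEY-----' > "$d/cakey.pem"
    # plain.pem: same layout without encryption headers (genrsa without -aes256)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' \
        '-----END RSA PRIVATE KEY-----' > "$d/plain.pem"
    # cacert.pem: certificate markers only
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' \
        '-----END CERTIFICATE-----' > "$d/cacert.pem"
}

# Stand-alone demo: build the samples in a temp dir and report on each file
demo_dir=$(mktemp -d)
make_constructed_samples "$demo_dir"
for f in static.key cakey.pem plain.pem cacert.pem; do
    printf '%-11s %-22s %s bytes of static key material\n' \
        "$f" "$(classify_keyfile "$demo_dir/$f")" "$(static_key_bytes "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run it on the files from the script output (`classify_keyfile /usr/local/openssl/private/vpn-cakey.pem`, and likewise for erik-key.pem) to see which header each file carries and how many bytes of static key material the `--secret` check would find in it.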
