2

I'm using the strongswan documentation right here

I've added to /etc/ipsec.secrets the following line:

: RSA moonKey.pem "SomePwd"

However, I don't know how to create moonKey.pem. Any ideas?

This is a follow-up question to this one: strongSwan ipsec setup, couple of questions

lurscher
  • I would appreciate it if someone with enough rep could edit the post and add a "strongSwan" tag. Thanks! – lurscher Apr 11 '11 at 20:48

2 Answers

3

This post on the strongSwan mailing list seems to cover your question.

Gist:

openssl req -x509 -days 1460 -newkey rsa:1024 -keyout moonKey.pem -out mooncert.pem -subj "/CN=moon/" -nodes
sebix
entropo
  • Note: they don't tell you this in the guide because they assume (based on [text here](http://wiki.strongswan.org/projects/strongswan/wiki/Fornewbies) ) that you know this: _"Also, we consider that you know how to use and generate SSH public and private key pairs and that you know how to connect remotely to a host using SSH."_ – entropo Apr 11 '11 at 22:51
  • That's for creating moonCert.pem. moonKey.pem is supposedly the shared secret file between the hosts – lurscher Apr 11 '11 at 22:52
  • See: http://www.openssl.org/docs/apps/req.html#item__keyout – entropo Apr 11 '11 at 22:55
  • So according to this scheme, at what point is the shared secret used? I don't see any mention in the documentation of copying the same file onto the sun and moon gateways – lurscher Apr 11 '11 at 22:58
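An added example, not part of the answer above or of the strongSwan documentation: the question's `: RSA moonKey.pem "SomePwd"` line carries a passphrase, while the `-nodes` option in the answer writes the key unencrypted, so this sketch creates a passphrase-protected moonKey.pem with a self-signed moonCert.pem and checks the result. The function names, the KEY_PASS environment variable, the 2048-bit key size and AES-256 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: file names follow the page; function names, KEY_PASS,
# the 2048-bit size and AES-256 are choices made for this example.

# make_moon_key DIR
# The passphrase is read from the exported KEY_PASS variable so that it
# never appears on a command line visible in the process list.
make_moon_key() {
    dir=$1
    (
        umask 077    # private key readable by its owner only
        openssl genrsa -aes256 -passout env:KEY_PASS \
            -out "$dir/moonKey.pem" 2048
    ) || return 1
    # Self-signed certificate for the same key, same subject and
    # lifetime as the command in the answer.
    openssl req -new -x509 -days 1460 -subj "/CN=moon/" \
        -key "$dir/moonKey.pem" -passin env:KEY_PASS \
        -out "$dir/moonCert.pem"
}

# Succeeds if the key file is stored encrypted. Both PEM encodings that
# openssl may emit mention ENCRYPTED within the first two lines.
key_is_encrypted() {
    head -n 2 "$1/moonKey.pem" | grep -q ENCRYPTED
}

# Succeeds if the certificate carries the public half of the private key
# and KEY_PASS is the passphrase that decrypts the key.
key_matches_cert() {
    k=$(openssl rsa -in "$1/moonKey.pem" -passin env:KEY_PASS \
        -noout -modulus) || return 1
    c=$(openssl x509 -in "$1/moonCert.pem" -noout -modulus) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

The passphrase exported in KEY_PASS is the one that then goes between the quotes on the `: RSA moonKey.pem` line in /etc/ipsec.secrets.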
3

If you just want to generate pre-shared keys and not use certificates, then two examples are provided at Linux Kernel 2.6 using KAME-tools using xxd -- "make a hexdump or do the reverse"

$ # Generate 128 Bit long key
$ #
$ dd if=/dev/random count=16 bs=1 | xxd -ps
16+0 Records ein
16+0 Records aus
cd0456eff95c5529ea9e918043e19cbe

$ # Generate 192 Bit long key
$ #
$ dd if=/dev/random count=24 bs=1 | xxd -ps
24+0 Records ein
24+0 Records aus
9d6c4a8275ab12fbfdcaf01f0ba9dcfb5f424c878e97f888
J G Miller