> -------- Original Message --------
> Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)
> Local Time: December 24, 2017 3:03 PM
> UTC Time: December 24, 2017 11:03 PM
> From: teas...@shorewall.net
> To: shorewall-users@lists.sourceforge.net
>
> On 12/24/2017 02:56 PM, Tom Eastep wrote:
>
>>> I'm now ready to try and set up the Android app.  I wasn't able to
>>> import a .pem cert, but maybe it'll let me import a .der cert.
>>
>> I successfully imported both the .pem CA cert and the .p12 bundle. The
>> former ended up in User Certificates and the latter in Imported.
>
> Other way around...
>
> CA Cert in Imported
> p12 in User
>
> -Tom

Everything goes well with the commands below, but when I try to import the .p12 
into the SS Android app, it seems to be happy, but no user shows up to choose 
from and no certs are in User nor Imported.

# cd /etc/strongswan/ipsec.d/
# strongswan pki --gen --type rsa --outform pem --size 4096 > private/caKey.pem
Self-sign a CA certificate using the generated key:
# strongswan pki --self --in private/caKey.pem --type rsa \
    --dn "C=US, O=Quantum, CN=Quantum CA" --outform pem --ca > certs/caCert.pem
CA is ready to issue end-entity certificates.
For each peer, i.e. for all VPN clients and VPN gateways, generate an individual
private key, and issue a matching certificate using the new CA:
# strongswan pki --gen --type rsa --outform pem --size 4096 > private/quantumKey.pem
# strongswan pki --pub --in private/quantumKey.pem --type rsa | \
    strongswan pki --issue --cacert certs/caCert.pem --cakey private/caKey.pem \
    --san quantum-equities.com --dn "C=US, O=Quantum, CN=quantum-equities.com" \
    --outform pem > certs/quantumCert.pem
# chmod -R 600 private

# openssl pkcs12 -in certs/quantumCert.pem -inkey private/quantumKey.pem \
    -certfile certs/caCert.pem -export -out quantum.p12
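
Added example, not part of the original post: a way to check what a .p12 built with the openssl command above actually contains (certificate count, private key present, key matches the end-entity certificate) before importing it on a client. The helper names check_p12 and make_sample are hypothetical, and the sample CA, subject names and password "example" are constructed with openssl alone so the check can run without strongswan pki.

```shell
#!/bin/sh
# check_p12 FILE PASSWORD -> prints "certs=N key=yes|no match=yes|no"
# (hypothetical helper; added example, not from the original post)
check_p12() {
    p12=$1; pw=$2
    t=$(mktemp -d) || return 1
    # Every certificate in the bundle (end-entity plus CA certs).
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys \
        -out "$t/all.pem" 2>/dev/null || :
    # Only the certificate that is paired with the private key.
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys -clcerts \
        -out "$t/ee.pem" 2>/dev/null || :
    # The private key, written unencrypted to the private temp dir only.
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes \
        -out "$t/key.pem" 2>/dev/null || :
    certs=$(grep -c 'BEGIN CERTIFICATE' "$t/all.pem" 2>/dev/null) || :
    key=no; match=no
    if grep -q 'PRIVATE KEY' "$t/key.pem" 2>/dev/null; then
        key=yes
        # The key belongs to the certificate if both yield the same public key.
        a=$(openssl x509 -in "$t/ee.pem" -noout -pubkey 2>/dev/null) || :
        b=$(openssl pkey -in "$t/key.pem" -pubout 2>/dev/null) || :
        if [ -n "$a" ] && [ "$a" = "$b" ]; then match=yes; fi
    fi
    rm -rf "$t"
    echo "certs=${certs:-0} key=$key match=$match"
}

# make_sample DIR: constructed CA, key, certificate and bundle (password
# "example"); the export uses the same openssl pkcs12 options as the post.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/O=Example/CN=Example CA" \
        -keyout "$d/caKey.pem" -out "$d/caCert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/C=US/O=Example/CN=vpn.example.test" \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/req.pem" -days 1 -CAcreateserial \
        -CA "$d/caCert.pem" -CAkey "$d/caKey.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -in "$d/cert.pem" -inkey "$d/key.pem" -certfile "$d/caCert.pem" \
        -export -passout pass:example -out "$d/sample.p12"
}

# Usage: sh check_p12.sh quantum.p12 'export-password'
if [ $# -ge 2 ]; then check_p12 "$1" "$2"; fi
```

A bundle built the way the post describes should report two certificates, a key, and a match; a wrong export password reports certs=0 key=no.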