Page MenuHomeVyOS Platform
Create Task
Maniphest T267

generate vpn rsa-key command is broken - /usr/lib/ipsec/newhostkey is missing
Closed, ResolvedPublic
Actions

Description

Following the documentation found here: https://wiki.vyos.net/wiki/GRE/IPsec#Setup_option_.232:_sourcing_the_tunnel_from_loopbacks

Running the following version:

vyos@Lanino-left-vyos:~$ sh ver
Version:          VyOS 999.201701191729
Built by:         [email protected]
Built on:         Thu 19 Jan 2017 17:29 UTC
Build ID:         1da10964-5ac4-4abd-8682-c1a2e4c4a757

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    30DE8ABF-74E7-4C43-B386-BF1ECEDF586E

Copyright:        VyOS maintainers and contributors

I am stuck at this step: on both routers run the operational command "generate vpn rsa-key bits 2048"

Expected result:

Generating rsa-key to /config/ipsec.d/rsa-keys/localhost.key

Your new local RSA key has been generated
The public portion of the key is:

0sAQO2335[long string here]

Actual result:

vyos@Lanino-left-vyos:~$ generate vpn rsa-key bits 2048
Generating rsa-key to /config/ipsec.d/rsa-keys/localhost.key
Can't exec "/usr/lib/ipsec/newhostkey": No such file or directory at /opt/vyatta/bin/sudo-users//gen_local_rsa_key.pl line 116.
Can not generate RSA key: No such file or directory

Checking on the local filesystem, I can see that /usr/lib/ipsec/newhostkey is indeed missing.

vyos@Lanino-left-vyos:~$ sudo ls /usr/lib/ipsec/newhostkey
ls: cannot access /usr/lib/ipsec/newhostkey: No such file or directory

vyos@Lanino-left-vyos:~$ sudo ls -l /usr/lib/ipsec/
total 1196
-rwxr-xr-x 1 root root  18432 Jan 19 15:47 charon
-rwxr-xr-x 1 root root  10736 Jan 19 15:47 _copyright
lrwxrwxrwx 1 root root     18 Jan 19 15:47 libcharon.so -> libcharon.so.0.0.0
lrwxrwxrwx 1 root root     18 Jan 19 15:47 libcharon.so.0 -> libcharon.so.0.0.0
-rw-r--r-- 1 root root 585472 Jan 19 15:47 libcharon.so.0.0.0
lrwxrwxrwx 1 root root     17 Jan 19 15:47 libhydra.so -> libhydra.so.0.0.0
lrwxrwxrwx 1 root root     17 Jan 19 15:47 libhydra.so.0 -> libhydra.so.0.0.0
-rw-r--r-- 1 root root  18272 Jan 19 15:47 libhydra.so.0.0.0
lrwxrwxrwx 1 root root     22 Jan 19 15:47 libstrongswan.so -> libstrongswan.so.0.0.0
lrwxrwxrwx 1 root root     22 Jan 19 15:47 libstrongswan.so.0 -> libstrongswan.so.0.0.0
-rw-r--r-- 1 root root 395728 Jan 19 15:47 libstrongswan.so.0.0.0
lrwxrwxrwx 1 root root     16 Jan 19 15:47 libvici.so -> libvici.so.0.0.0
lrwxrwxrwx 1 root root     16 Jan 19 15:47 libvici.so.0 -> libvici.so.0.0.0
-rw-r--r-- 1 root root  26568 Jan 19 15:47 libvici.so.0.0.0
drwxr-xr-x 2 root root   1090 Jan 19 16:32 plugins
-rwxr-xr-x 1 root root  39000 Jan 19 15:47 scepclient
-rwxr-xr-x 1 root root  80480 Jan 19 15:47 starter
-rwxr-xr-x 1 root root  26712 Jan 19 15:47 stroke
-rwxr-xr-x 1 root root  20235 Jan 19 15:47 _updown
-rwxr-xr-x 1 root root    448 Mar 27  2016 vti-up-down


vyos@Lanino-left-vyos:~$ sudo find / -name newhostkey
vyos@Lanino-left-vyos:~$

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 999.201701191729
Why the issue appeared?
Will be filled on close

Event Timeline

emartel created this task.Feb 7 2017, 4:38 PM
UnicronNL claimed this task.Feb 8 2017, 7:55 PM
UnicronNL added a subscriber: UnicronNL.

Hi @emartel

I have replaced this with a openssl command to generate the new key.
https://github.com/vyos/vyatta-op-vpn/commit/9608b691012160836fd0fdcc1c8f9357d89c4de1

It is in the latest live build:
http://dev.packages.vyos.net/iso/current/amd64/vyos-999.201702081407-amd64.iso

UnicronNL closed this task as Resolved.Feb 9 2017, 8:21 AM

Hi @emartel

I will mark this as 'Resolved' i have seen your chat... thanks