Unknown option for ipsec newhostkey #2132

Open
R4to0 opened this issue Apr 19, 2024 · 1 comment

R4to0 commented Apr 19, 2024

OS: Debian GNU/Linux 11 (bullseye) x86_64
Kernel: 6.1.0-0.deb11.13-amd64
Webmin version: 2.111

Hello,

I'm currently trying to set up a VPN service through the "IPsec VPN Configuration" module. At first I see this page:
image

When I click "Generate a key for host" with a valid hostname (no special chars, etc) I get this:

image

Checking the ipsec/newkey.cgi file points to the use of the --output parameter:

$out = &backquote_logged("$config{'ipsec'} newhostkey --output '$config{'secrets'}' --hostname '$in{'host'}' 2>&1");

I've tried the same parameters in a terminal and got the same output. Removing the --output parameter gives the same issue for --hostname, which is very confusing for me. If I don't enter a parameter, then it successfully generates a random key, storing it in the NSS database.

$ sudo /usr/sbin/ipsec newhostkey --output test --hostname somehostname
ipsec newhostkey: unknown option `--output'

$ sudo /usr/sbin/ipsec newhostkey --hostname host
ipsec newhostkey: unknown option `--hostname'

$ sudo /usr/sbin/ipsec newhostkey
Generated RSA key pair with CKAID [redactec] was stored in the NSS database
The public key can be displayed using: ipsec showhostkey --left --ckaid [redactec]

Here's the output of ipsec and its parameters from the terminal:

$ /usr/sbin/ipsec --help
Usage: ipsec {command} [argument] ...>
where {command} is one of:

        start                   stop
        restart                 status
        trafficstatus           traffic
        globalstatus            shuntstatus
        briefstatus             showstates
        fips                    import
        initnss                 checknss
        checknflog              addconn
        algparse                auto
        barf                    cavp
        dncheck                 ecdsasigkey
        enumcheck               getpeercon_server
        hunkcheck               ipcheck
        jambufcheck             keyidcheck
        letsencrypt             look
        newhostkey              pluto
        readwriteconf           rsasigkey
        setup                   show
        showhostkey             timecheck
        verify                  whack

See also: man ipsec <command> or ipsec <command> --help
See <https://libreswan.org/> for more general info.
Linux Libreswan 4.3 (netkey) on 6.1.0-0.deb11.13-amd64

$ /usr/sbin/ipsec newhostkey --help
Usage:
        ipsec newhostkey [--seeddev device] [--keytype rsa] [--bits n]
        ipsec newhostkey [--seeddev device] --keytype ecdsa [--curve curve]

        other options: [--quiet] [--hostname host] [--nssdir /var/lib/ipsec/nss] \
                [--password password]

Perhaps I'm using an incompatible ipsec package?

Thanks!

@chris001

Confirmed on Ubuntu 22.04, with the distro's strongswan ipsec package.
/usr/sbin/ipsec: unknown command `newhostkey' (`ipsec --help' for list)
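
Added example, not part of the original thread and not Webmin code: a shell function that tells apart the three results quoted in the comments above (a rejected option, a missing newhostkey command, a key stored in the NSS database) from the text an attempted call printed. The function name and result labels are assumptions, and the sample strings are constructed from the quoted output.

```shell
#!/bin/sh
# Added example (not Webmin code): interpret the text that an attempted
# `ipsec newhostkey ...` call printed, so a caller can tell the failure
# modes reported in this issue apart instead of showing raw output.

# classify_newhostkey OUTPUT -> prints one of (labels are hypothetical):
#   ok-nss                   key pair generated and stored in the NSS database
#   unsupported-option:OPT   this ipsec build rejected option OPT
#   no-newhostkey            this ipsec build has no newhostkey command
#   unrecognized             anything else
classify_newhostkey() {
    out=$1
    case $out in
        *"unknown command"*newhostkey*)
            echo "no-newhostkey" ;;
        *"newhostkey: unknown option"*)
            # The rejected option is printed between a backtick and a quote.
            opt=$(printf '%s\n' "$out" |
                sed -n "s/.*unknown option \`\(--[A-Za-z0-9-]*\)'.*/\1/p" |
                head -n 1)
            echo "unsupported-option:${opt:-unknown}" ;;
        *"key pair with CKAID"*"stored in the NSS database"*)
            echo "ok-nss" ;;
        *)
            echo "unrecognized" ;;
    esac
}

# Constructed samples, modelled on the outputs quoted in the issue.
sample_output="ipsec newhostkey: unknown option \`--output'"
sample_hostname="ipsec newhostkey: unknown option \`--hostname'"
sample_ok="Generated RSA key pair with CKAID [redacted] was stored in the NSS database"
sample_strongswan="/usr/sbin/ipsec: unknown command \`newhostkey' (\`ipsec --help' for list)"

for s in "$sample_output" "$sample_hostname" "$sample_ok" "$sample_strongswan"; do
    printf '%-30s <- %s\n' "$(classify_newhostkey "$s")" "$s"
done
```

The classifier works on what the command actually printed rather than on `ipsec newhostkey --help`, because the help text quoted above lists --hostname even though the command rejects it.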
