<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16850" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=752210903-08072009>Searching for "CKAIDNSS" with Google, I see a few
references at <A
href="http://cvs.fedoraproject.org">http://cvs.fedoraproject.org</A> and <A
href="http://cvs.fedora.redhat.com">http://cvs.fedora.redhat.com</A>. It
looks like a patch to Openswan 2.6.21. I am running the bundled RPM that
came with Fedora 11. If any folks from Red Hat are reading this, would it
be possible to shed some light? Please please please please reassure me
you didn't break old IPSEC secrets files! I guess I will find out tomorrow
when I try to put this replacement system into production.
</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=752210903-08072009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=752210903-08072009>thanks</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=752210903-08072009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=752210903-08072009>- Greg Scott</SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Greg
Scott<BR><B>Sent:</B> Tuesday, July 07, 2009 6:43 PM<BR><B>To:</B>
users@lists.openswan.org<BR><B>Subject:</B> [Openswan Users] CKAIDNSS keyword
not found where expected in RSAkey in /var/log/secure<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=789583123-07072009>What does "CKAIDNSS keyword not found where expected in
RSA key" mean?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=789583123-07072009>I have an aging
system running Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey). I am
replacing it with a new system running Linux Openswan U2.6.21/K(no kernel code
presently loaded). The replacement system will also run netkey; I
just have Openswan shut down on it right now. </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=789583123-07072009>So I copied the
hostkey.secrets file and appropriate .conf files from the old to the new
system. When I start IPSEC on the new system, I see this message in
/var/log/secure:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=789583123-07072009>Jul 7 17:59:02
huge-fw pluto[4537]: "/etc/ipsec.d/hostkey.secrets" line 14: CKAIDNSS keyword
not found where expected in RSA key<BR></SPAN></FONT><FONT face=Arial
size=2><SPAN class=789583123-07072009></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=789583123-07072009>What does this
mean? I am replacing the HQ site and there are a couple of branch
sites in this case. Did the format of the keys change and do I need to
generate a new key at the HQ site and fiddle with scripts at all my branch sites
to use the new key at the HQ site?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009>thanks</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=789583123-07072009></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=789583123-07072009>- Greg
Scott</SPAN></FONT></DIV></BODY></HTML>