Hi All<div><br><div><div>I am testing ipsec host to host communication. Things went fine when I was running with pre-shared keys and I was able to build tunnel. I concluded this means Pluto is running fine, my kernel/pluto config are ok and things are running in sync. </div>
<div><br></div><div>However when I switched to RSA thing are not working as smoothly. I found my ipsec.secrets key empty on Ubuntu side. When I try to run ipsec newhostley --output /etc/ipsec.secrets I got '--confdir required' err message. I tried to create new NSS databse using certutil failed complaining 'could not authenticate token 'NSS certification DB' which I am not sure Iunderstood. </div>
<div><br></div><div>Finally I was able to created keys using: ---configdir /etc/pki/nssdb. </div><div><br></div><div>Now I have rsa sig on both side ipsec.secrets and minimal config (leftip,leftsidesig, rightip,rightsidesig) but when I up the connection I get 'we cannot identify ourselves with either end of this connection' on Ubuntu side and retransmission failure message on red hat side (whic i think is ok as Ubuntu side failed to respond). </div>
</div><div><br></div><div>I am looking for minimal checklist to confirm my setup/conf is right. I find error message from openswan config n setup are not very explicit n for very error message I have to google and filter a lots of old and new config data.Though I am currently focused on running RSA in one go I will try to document all issues I got and how I resolved them and post it here someday.</div>
<div><br></div><div>I request you to share your latest tryst with running open swan on any linux distro. Last but not the least do let me know how to debug/proceed from 'we cannot identify ourselves with either end of this connection' situation. </div>
<div><br></div><div>Thanks in advance.</div><div><br></div><div>-SP</div><div><br></div><div>===============================================================</div><div><div>My Setup:</div><div><br></div><div>Ubuntu 10 /Opsenswan 2.6.23 <-------------------------------->Redheat 5 /openswan 2.6.21</div>
</div><div><br></div></div>