<div dir="ltr">Hello.<div><br></div><div>Thanks for your answer.</div><div><br></div><div>All you said is new to me. </div><div><br></div><div>I've started by converting all my certs to the pkcs#12 format like this:</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><font size="1" face="courier new, monospace">openssl pkcs12 -export -clcerts -in cacert.crt -inkey cakey.key -out ca.p12</font></div></div></blockquote>
<div><br></div><div>And then, I've imported them to ipsec.d like this:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><font size="1" face="courier new, monospace">[root@mainmachine ipsec.d]# pk12util -i /etc/pki/tls/ca.p12 -d /etc/ipsec.d/</font></div>
</div><div><div><font size="1" face="courier new, monospace">Enter Password or Pin for "NSS Certificate DB":</font></div></div><div><div><font size="1" face="courier new, monospace">Enter password for PKCS12 file: </font></div>
</div><div><div><font size="1" face="courier new, monospace">pk12util: no nickname for cert in PKCS12 file.</font></div></div><div><div><font size="1" face="courier new, monospace">pk12util: using nickname: <a href="http://www.mysite.com">www.mysite.com</a> - XPTO</font></div>
</div><div><div><font size="1" face="courier new, monospace">pk12util: PKCS12 IMPORT SUCCESSFUL</font></div></div></blockquote><div><br></div><div>And now I'm completely lost :(</div><div><br></div><div>Sorry, but what should I do next? I can't seem to find a proper tutorial explaining these steps.</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Kent Davies</div><div><br></div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 18, 2013 at 4:47 AM, Leto <span dir="ltr"><<a href="mailto:letoams@gmail.com" target="_blank">letoams@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>if using the centos builds, those use nss, so you cannot put private key and certs in /etc/ipsec.d/</div>
<div><br></div><div>you need to use ipsec initnss and then ipsec import on the certs in pkcs#12 format. see README.NSS</div><div><br>sent from a tiny device </div><div class="im"><div><br>On 2013-11-17, at 6:00, Ana <<a href="mailto:kentdavies@gmail.com" target="_blank">kentdavies@gmail.com</a>> wrote:<br>
<br></div></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="im"><p class="MsoNormal"><span lang="EN-US">Hi
everybody. Hello again.</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Following my last cry for help, here I am again with some IPsec problems.</span></p><p class="MsoNormal">
<span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">After managing to get IPsec running using secrets, I'm now trying (without success) to accomplish the same but now using X.509 certificates.</span></p>
<p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal">Just as a reminder, I’m running
two virtual machines with CentOS that simulate the network depicted in the
picture below.</p></div><p class="MsoNormal"><span lang="EN-US"><image.png><br></span></p><div><div class="h5"><p class="MsoNormal"><br></p>
<p class="MsoNormal"><span lang="EN-US">I want to
create an IPsec tunnel between machine A and machine B. The keys should be negotiated
using IKE and the tunnel should enable total connectivity between the two
machines. My goal is to achieve this using x.509 certificates.</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">My machine A will act as a gateway and as a Certificate Authority.</span></p>
<p class="MsoNormal"><br></p><p class="MsoNormal">The first step was to create my CA and two certificates, one for machine A and one for machine B. So, on machine A I've run these commands:</p><p class="MsoNormal"> 1) Create the CA:</p>
</div></div></div></div><div><div class="h5"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl genrsa -des3 -out cakey.key 1024</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl req -new -key cakey.key -out cacsr.csr</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal">
<font size="1" face="courier new, monospace">openssl x509 -req -days 365 -in cacsr.csr -out cacert.crt -signkey cakey.key </font></p></div></div></blockquote><div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><br>
</p><p class="MsoNormal">2) For each machine, create a certificate signed using the CA created above:</p><p class="MsoNormal"><br></p></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_quote">
<div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl genrsa -des3 -out gwonekey.key 1024</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl req -new -key </font><span style="font-family:'courier new',monospace;font-size:x-small">gwonekey</span><font size="1" face="courier new, monospace">.key -out gwonecsr.csr</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl ca -in </font><span style="font-family:'courier new',monospace;font-size:x-small">gwonecsr</span><font size="1" face="courier new, monospace">.csr -cert cacert.crt -keyfile cakey.key -out </font><span style="font-family:'courier new',monospace;font-size:x-small">gwonecert</span><font size="1" face="courier new, monospace">.crt</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace"><br></font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl genrsa -des3 -out gwtwokey.key 1024</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl req -new -key </font><span style="font-family:'courier new',monospace;font-size:x-small">gwtwokey</span><font size="1" face="courier new, monospace">.key -out </font><span style="font-family:'courier new',monospace;font-size:x-small">gwtwocsr</span><font size="1" face="courier new, monospace">.csr</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">openssl ca -in </font><span style="font-family:'courier new',monospace;font-size:x-small">gwtwocsr</span><font size="1" face="courier new, monospace">.csr -cert cacert.crt -keyfile cakey.key -out gwtwocert.crt</font></p>
</div></div></blockquote><div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">3) I've also created a Certificate Revocation List:</span></p>
</div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_quote"><div><p class="MsoNormal"><span lang="EN-US"><font face="courier new, monospace" size="1">echo 01 > /etc/pki/CA/crlnumber</font></span></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><span lang="EN-US"><font face="courier new, monospace" size="1">openssl ca -gencrl -keyfile cakey.key -cert cacert.crt -out crl.pem</font></span></p></div></div>
</blockquote><div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">On machine A I've done this:</span></p></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">mkdir /etc/ipsec.d/private</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">mkdir /etc/ipsec.d/certs</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">mkdir /etc/ipsec.d/cacerts</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">mkdir /etc/ipsec.d/crls</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">cp gwonekey.key /etc/ipsec.d/private</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">cp gwonecert.crt /etc/ipsec.d/certs</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">cp cacert.crt /etc/ipsec.d/cacerts</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">cp crl.pem /etc/ipsec.d/crls</font></p>
</div></div></blockquote><div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><font face="courier new, monospace" size="1"><span lang="EN-US"></span></font></p><p class="MsoNormal"><br></p><p class="MsoNormal">And on Machine B after copying the files:</p>
</div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">mkdir /etc/ipsec.d/private</font></p></div></div>
<div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">mkdir /etc/ipsec.d/certs</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">mkdir /etc/ipsec.d/cacerts</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">mkdir /etc/ipsec.d/crls</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">cp gwtwokey.key /etc/ipsec.d/private</font></p>
<p class="MsoNormal"><span style="font-family:'courier new',monospace;font-size:x-small">cp gwonecert.crt /etc/ipsec.d/certs</span><font size="1" face="courier new, monospace"><br></font></p></div></div><div class="gmail_quote">
<div><p class="MsoNormal"><font size="1" face="courier new, monospace">cp gwtwocert.crt /etc/ipsec.d/certs</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">cp cacert.crt /etc/ipsec.d/cacerts</font></p>
</div></div></blockquote><div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><span lang="EN-US"></span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span lang="EN-US">I've then edited the <b>ipsec.secrets</b> file on both machines:</span></p>
<p class="MsoNormal"><span lang="EN-US">Machine A:</span></p></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">%any %any : PSK "test"</font></p>
</div></div><div class="gmail_quote"><div><p class="MsoNormal"><font face="courier new, monospace" size="1">: RSA gwonecert.crt "test"</font></p></div></div></blockquote><div class="gmail_quote"><div dir="ltr">
<p class="MsoNormal">
<font face="courier new, monospace" size="1"><span lang="EN-US"></span></font></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Machine B:</span></p></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">%any %any : PSK "test"</font></p></div></div><div class="gmail_quote"><div><p class="MsoNormal"><font size="1" face="courier new, monospace">: RSA gwonecert.crt "test"</font></p>
<p class="MsoNormal"><span style="font-family:'courier new',monospace;font-size:x-small">: RSA gwtwocert.crt "test"</span><font size="1" face="courier new, monospace"><br></font></p></div></div></blockquote>
<div class="gmail_quote"><div dir="ltr"><p class="MsoNormal"><font size="1"><span lang="EN-US"></span></font></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">The last step was to edit the <b>ipsec.conf</b> on those machines:</span></p>
<p class="MsoNormal"><span lang="EN-US">Machine A:</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">config setup</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> protostack=netkey</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> dumpdir=/var/run/pluto/</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> nat_traversal=yes</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> virtual_private=%v4:<a href="http://0.0.0.0/0,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.1.1.0/24" target="_blank">0.0.0.0/0,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.1.1.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> </span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">#conn gw-to-gw</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># authby=secret</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># left=192.168.1.1</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># leftsubnet=<a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># right=192.168.1.2</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># rightsubnet=<a href="http://10.1.2.0/24" target="_blank">10.1.2.0/24</a></span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># auto=start</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># type=tunnel</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> </span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">conn cert</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> authby=rsasig</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftrsasigkey=%cert</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftcert=gwonecert.crt</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> left=192.168.1.1</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftsubnet=<a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a></span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> right=192.168.1.2</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> rightsubnet=<a href="http://10.1.2.0/24" target="_blank">10.1.2.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> auto=start</span></p><p class="MsoNormal"><span lang="EN-US">
</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> type=tunnel</span></p><p class="MsoNormal"><span lang="EN-US"><br>
</span></p><p class="MsoNormal">Machine B:<br></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">config setup</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> protostack=netkey</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> dumpdir=/var/run/pluto/</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> nat_traversal=yes</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> virtual_private=%v4:<a href="http://0.0.0.0/0,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.1.1.0/24" target="_blank">0.0.0.0/0,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.1.1.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> </span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">#conn gw-to-gw</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># authby=secret</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># left=192.168.1.1</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># leftsubnet=<a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># right=192.168.1.2</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># rightsubnet=<a href="http://10.1.2.0/24" target="_blank">10.1.2.0/24</a></span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># auto=start</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"># type=tunnel</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> </span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'">conn cert</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> authby=rsasig</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftrsasigkey=%cert</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> rightrsasigkey=%cert</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftcert=gwtwocert.crt</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> rightcert=gwonecert.crt</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> left=192.168.1.2</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> leftsubnet=<a href="http://10.1.2.0/24" target="_blank">10.1.2.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt">
<span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> right=192.168.1.1</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> rightsubnet=<a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a></span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> auto=start</span></p><p class="MsoNormal"><span lang="EN-US">
</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt"><span lang="EN-US" style="font-size:8pt;font-family:'Courier New'"> type=tunnel</span></p><p class="MsoNormal"><span lang="EN-US"><br>
</span></p><p class="MsoNormal"><span lang="EN-US">I've restarted ipsec on both machines using <b>service ipsec restart</b> but now, after doing <b>ipsec auto --up</b> <b>cert </b>nothing happens. In the terminal I have to hit Ctrl-C.</span></p>
<p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Once again, can someone tell me what I am doing wrong?</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal">
<span lang="EN-US">Many thanks,</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Kent Davies</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal">
<span lang="EN-US"><br></span></p></div>
</div><br></div></div></div>
</div></blockquote><div class="im"><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a></span><br>
<span><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br>
<span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br>
</div></blockquote></div></div></blockquote></div><br></div></div>
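<div>Added example (not part of the original thread, and not Openswan's own tooling): the pk12util output above reports "no nickname for cert in PKCS12 file", and the bundle that was imported held the CA certificate and CA key rather than a gateway's own. The functions below build a per-gateway bundle (gateway certificate, its key, and the CA certificate) with an explicit nickname and check its contents before import. File names follow the thread; the nickname gwone, the password file and the function names are assumptions.</div>

```shell
#!/bin/sh
# Added example. Usage on machine A, with the thread's file names:
#   make_bundle gwonecert.crt gwonekey.key cacert.crt gwone gwone.p12 p12pass.txt
#   check_bundle gwone.p12 gwone p12pass.txt && import_bundle gwone.p12 /etc/ipsec.d
# The CA private key (cakey.key) is never part of a gateway bundle.

# make_bundle CERT KEY CACERT NICKNAME OUT PASSFILE
# -name sets the friendlyName that NSS uses as the certificate nickname.
# The export password is read from a file so it does not show up in `ps`.
make_bundle() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -name "$4" -passout "file:$6" -out "$5"
}

# check_bundle P12 NICKNAME PASSFILE
# Return codes: 0 ok, 1 unreadable or wrong password, 3 not exactly one
# private key, 4 fewer than two certificates (gateway + CA), 2 nickname missing.
check_bundle() {
    certs=$(openssl pkcs12 -in "$1" -passin "file:$3" -nokeys 2>/dev/null) || return 1
    keys=$(openssl pkcs12 -in "$1" -passin "file:$3" -nocerts -nodes 2>/dev/null) || return 1
    ncert=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    nkey=$(printf '%s\n' "$keys" | grep -c 'BEGIN.*PRIVATE KEY' || true)
    [ "$nkey" -eq 1 ] || return 3
    [ "$ncert" -ge 2 ] || return 4
    printf '%s\n' "$certs" | grep -q "friendlyName: $2" || return 2
    return 0
}

# import_bundle P12 NSSDIR
# Imports into the NSS database (prompts for passwords as in the thread),
# then lists certificates and private keys so the nickname can be confirmed.
# How ipsec.conf and ipsec.secrets refer to that nickname is covered in README.NSS.
import_bundle() {
    pk12util -i "$1" -d "$2" &&
        certutil -L -d "$2" &&
        certutil -K -d "$2"
}
```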