<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Libreswan now insists on storing keys in the NSS database rather
than plain text.<br>
<br>
<div class="moz-cite-prefix">On 29/11/2013 06:37, Martin Erasmus
wrote:<br>
</div>
<blockquote cite="mid:52983634.3040803@onyx.co.za" type="cite">
<br>
Hi
<br>
<br>
I am running a server on Linux Openswan U2.4.7/K2.6.23.17-88.fc7.
I am running 5 remote servers using the same version of Openswan
with no problem. I am now trying to add a new FC 18 system; this
version of Openswan does not run on FC 18, as it comes up with
unable to determine address for ..., so I have had to install
Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64 on the new
system. I have changed the ipsec.conf file. I am now getting the
error "no RSA public key known for "serverip"
<br>
<br>
All the other systems are connecting and working fine; it is just
this one.
<br>
<br>
The Server ipsec.conf file
<br>
<br>
version 2
<br>
<br>
config setup
<br>
interfaces=%defaultroute
<br>
klipsdebug=none
<br>
plutodebug=none
<br>
<br>
conn %default
<br>
keyingtries=0
<br>
<br>
conn "old" this connection is working
<br>
type=tunnel
<br>
left=serverip
<br>
leftsubnet=192.168.0.0/24
<br>
leftnexthop=196.25.97.73
<br>
right=%any
<br>
rightsubnet=192.168.4.0/24
<br>
rightnexthop=
<br>
rightid=@besntl
<br>
auto=add
<br>
authby=secret|rsasig
<br>
leftrsasigkey=0sAQNpNCFEGH
<br>
rightrsasigkey=0sAQNueZGtVe
<br>
<br>
<br>
conn "new" This one is giving the error
<br>
type=tunnel
<br>
left=serverIP
<br>
leftsubnet=192.168.0.0/24
<br>
leftnexthop=196.25.97.73
<br>
right=%any
<br>
rightsubnet=192.168.2.0/24
<br>
rightnexthop=
<br>
rightid=@beslas1
<br>
auto=add
<br>
pfs=yes
<br>
authby=rsasig
<br>
leftrsasigkey=0sAQNpNCFEGH
<br>
rightrsasigkey=0sAQPJiwK5K6
<br>
<br>
<br>
#Disable Opportunistic Encryption
<br>
include /etc/ipsec.d/examples/no_oe.conf
<br>
<br>
<br>
The New System ipsec.conf
<br>
<br>
version 2
<br>
<br>
config setup
<br>
klipsdebug=none
<br>
plutodebug=none
<br>
interfaces=%defaultroute
<br>
<br>
<br>
<br>
conn %default
<br>
keyingtries=1
<br>
<br>
conn "new"
<br>
type=tunnel
<br>
left=serverip
<br>
leftsubnet=192.168.0.0/24
<br>
leftnexthop=196.25.97.73
<br>
right=%defaultroute
<br>
rightsubnet=192.168.2.0/24
<br>
rightid=@beslas1
<br>
rightnexthop=%defaultroute
<br>
auto=add
<br>
pfs=yes
<br>
authby=rsasig
<br>
leftrsasigkey=0sAQNpNCFEGH
<br>
rightrsasigkey=0sAQPJiwK5K6
<br>
<br>
#Disable Opportunistic Encryption
<br>
#include /etc/ipsec.d/examples/no_oe.conf
<br>
<br>
<br>
thanks
<br>
<br>
Martin
<br>
<br>
</blockquote>
<br>
</body>
</html>