<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container">Hi Paul<br>
<br>
If I do not update my openswan on my server but run the steps
below, will that affect my existing openswan connection?<br>
<br>
I am running one box in a remote office that is running a very old
version of Linux and openswan on very old hardware, and all this
system does is act as a gateway. If I upgrade my server to
libreswan, will this old version of openswan connect to libreswan?
<br>
<br>
thanks<br>
<br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: [Openswan Users] Openswan connecting to Libreswan</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Fri, 29 Nov 2013 09:43:13 -0500 (EST)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Paul Wouters <a class="moz-txt-link-rfc2396E"
href="mailto:paul@nohats.ca">&lt;paul@nohats.ca&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>Martin Erasmus <a class="moz-txt-link-rfc2396E"
href="mailto:martin@onyx.co.za">&lt;martin@onyx.co.za&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">CC: </th>
<td><a class="moz-txt-link-abbreviated"
href="mailto:users@lists.openswan.org">users@lists.openswan.org</a>,
<a class="moz-txt-link-abbreviated"
href="mailto:swan@lists.libreswan.org">swan@lists.libreswan.org</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>On Fri, 29 Nov 2013, Martin Erasmus wrote:

> I am now trying to add a new FC 18 system, this version of openswan does not
> run on fc 18 as it comes up with unable to determine address for ...,

Fedora has obsoleted openswan and replaced it with libreswan. If you run
a yum update it should update your old openswan to the latest libreswan.

> So I
> have had to install Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64
> on the new system. I have changed the ipsec.conf file. I am now getting the
> error "no RSA public key known for "serverip"

Your private key in /etc/ipsec.secrets (or via include files) is not
being used. It has to be generated from within the secure NSS store.

> authby=secret|rsasig
> leftrsasigkey=0sAQNpNCFEGH
> rightrsasigkey=0sAQNueZGtVe

run this:

ipsec stop (if already running)
rm /etc/ipsec.d/*db (if running libreswan < 3.6-2 and it has been started once)
ipsec initnss (if running libreswan < 3.6-2 and it has been started once)
ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --configdir /etc/ipsec.d

Then run "ipsec showhostkey --left" to get your new public raw RSA key.

Also change authby to be just: authby=rsasigkey

Paul
--
Libreswan Developer - <a class="moz-txt-link-freetext" href="https://libreswan.org/">https://libreswan.org/</a>
Red Hat Security - <a class="moz-txt-link-freetext" href="http://people.redhat.com/pwouters/">http://people.redhat.com/pwouters/</a>
Personal Blog - <a class="moz-txt-link-freetext" href="https://nohats.ca/">https://nohats.ca/</a>
</pre>
<br>
</div>
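The re-keying steps from the quoted reply, as an added example that is not part of the original thread or of libreswan: a POSIX shell script that prints the commands and includes the NSS database reset only when the package is older than 3.6-2 and a database already exists. The function names and the sample version-release string 3.5-1.fc18 are assumptions; on Fedora the real string would come from the package manager.

```shell
#!/bin/sh
# Added example, not from the thread: prints the re-keying commands quoted
# above and never runs them. Function names are hypothetical.

# True when package version-release $1 (e.g. "3.5-1.fc18") is older than 3.6-2.
older_than_3_6_2() {
    ver=${1%%-*}                          # upstream version, e.g. "3.5"
    rel=${1#*-}                           # release, e.g. "1.fc18"
    [ "$rel" = "$1" ] && rel=0            # no "-release" part given
    rel=${rel%%[!0-9]*}                   # keep the leading digits only
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0        # bare "3" means 3.0
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0     # "3.6" has no patch level
    patch=${patch%%.*}
    [ "$major" -lt 3 ] && return 0
    [ "$major" -gt 3 ] && return 1
    [ "$minor" -lt 6 ] && return 0
    [ "$minor" -gt 6 ] && return 1
    [ "$patch" -gt 0 ] && return 1        # 3.6.x is newer than 3.6-2
    [ "${rel:-0}" -lt 2 ]
}

# True when directory $1 already holds an NSS database ("started once").
nss_db_present() {
    ls "$1"/*db >/dev/null 2>&1
}

# Print the steps for version-release $1 and config directory $2.
rekey_plan() {
    vr=$1
    dir=${2:-/etc/ipsec.d}
    echo "ipsec stop"
    if older_than_3_6_2 "$vr" && nss_db_present "$dir"; then
        echo "rm $dir/*db"                # destroys the keys in the old store
        echo "ipsec initnss"
    fi
    echo "ipsec newhostkey --output $dir/hostkey.secrets --configdir $dir"
    echo "ipsec showhostkey --left"
}

# Constructed default: Libreswan 3.5 on fc18, release number assumed.
rekey_plan "${1:-3.5-1.fc18}" "${2:-/etc/ipsec.d}"
```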
<br>
</body>
</html>