[Openswan Users] URGENT HELP NEEDED
Paul Wouters
paul at xelerance.com
Tue Apr 27 20:39:39 CEST 2004
On Tue, 27 Apr 2004 Matti.Christensen at securitas.fi wrote:
> Many thanks for Your kind help !
You're welcome.
> - the fact that Openswan ( and Free-S-Wan ) is developed on RH makes it
> difficult to install the functionality on other kind of platforms - my box
> for instance did not initially have utilities like logger and ip ( but of
> course syslogd and ifconfig/route ) - so;
"ip" from iproute has obsoleted the old ifconfig/route commands for quite a
number of years now. logger might indeed be too specific. If you are willing
to tell us what your distro/platform uses, we can try and add something for it
in our packaging/ directory, which is meant for all the distro dependant things.
> --- it would be really nice to have short documents describing depencies
> of third party software, and between various binaries/scripts of the
> installation itself
"ipsec verify" actually checks for all the dependancies and gives errors when
it fails. Ofcourse, it does require perl :)
> --- some documentation of the installed directory structure would also be
> nice
You probably find it in the docs somewhere, but it os easy:
/etc/ipsec.secrets (rootonly readable file with PSK's and passphrases)
/etc/ipsec.conf standard configuration file
/usr/local/lib/ipsec all the binaries
/etc/init.d/ipsec the startup script
/etc/ipsec.d/ supporting configuration files
/etc/ipsec.d/private private keys for X/509
/etc/ipsec.d/crls Certificate Revocation Lists
/etc/ipsec.d/policies/ Opportunistic Encryption policy files
/etc/ipsec.d/cacerts Certificate Agency files
/etc/ipsec.d/certs X509 certificates
/etc/ipsec.d/examples example include files (contains no_oe.conf)
> If You are willing to answer even to this email, i might ask if the
> directory '/etc/ipsec.d' is mandatory when using just PSK.
It shouldn't be needed when not using OE or certificates. If there is code
that requires it (some X/509 code used to do some chdir()'s which I think
have all been taken out by now) then let us know and we will fix this dependancy.
> Anyhow - the ipsec connection i've been trying to make up is now up, and
> that is the most important issue just now - thanks again !
Great. Glad it works for you now. Was is the NAT iptables rules or the
openswan/superfreeswan mismatch?
Paul
More information about the Users
mailing list