[Openswan Users] Re: Some questions

Wed Aug 4 17:56:20 CEST 2004

On Tue, 3 Aug 2004, Frédéric Gonzatti wrote:
> So if I'm understanding what you said, I've nothing to do and this is
> normal ?? My configuration is correct ?

Yeah, that error does not indicate a problem. If you want to make sure you
have a proper private key, run:

ipsec auto --listcerts

and make sure that your key has ', has private key' by it, like:

000 Aug 04 11:51:40 2004, count: 7
000        subject: 'x'
000        issuer:  'x'
000        serial:   xx
000        pubkey:   2048 RSA Key xxxxxxx, has private key

<...>

> 1/In your old tutorial you said :
> "Edit the .key file, and delete everything down from the line starting with
> '-----BEGIN CERTIFICATE REQUEST-----'. After you do this, the file should
> start with '-----BEGIN RSA PRIVATE KEY-----', and end with '-----END RSA
> PRIVATE KEY-----'."
>
> Not with Openswan 2.1.4 right ?

Shouldn't be necessary.

> 2/ I don't know if you remember me ( an annoying guy with lots of problems)
> ;-D
>  Few weeks ago I tried to configure an ipsec gateway but my gateway was behind
> a router. I've tried nat-t patch but unfortunately it didn't work at all.
> So now I ask my ISP for a new public IP for my gateway.
> Now it looks like this :
>
> router with public ip (Same WAN and LAN side 62.160.X.X/255.255.255.248)
> --------------Ipsec gateway with public IP : 62.160.X.Y/255.255.255.248
> (default gateway 62.160.X.X/255/255.255.248)
>
> Do you think now I've a chance to make it works with Windows clients ?

Yeah, that should certainly be possible, that's a fairly normal
configuration.

> 3/ Is conn packet default, conn block etc... are still working with
> openswan 2.1.4 ?

Yes.

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------