[Openswan Users] Debian packages needed.

Ferdinand O. Tempel pw at linuxops.net
Thu Oct 7 23:46:38 CEST 2004

On Thu, 2004-10-07 at 21:24, Joost Kraaijeveld wrote:
> Hi Paul,
> users-bounces at openswan.org schreef:
> > Can someone provide me with an ipsec barf output in this 'non
> > working' state without opportunistic encryptiom?
> I do not question your helpfulness in any way (is this English???; anyway, I declare hereby that you have been always helpfull to me), and I know what my problem is: I do not have an ipsec.secrets to start with ( see attached barf file ;-)). 
> But my complaint is that I cannot find any info on how to make that file without disrupting my current Debian installation in any way (can it be done, how do I (re)use files etc.?). Should I create a ipsec.secrets into the /etc/ipsec.d directory structure or not? If so, why and how should I do that? If not, what does this directory structure mean in relation to the ipsec.conf file? 

The debian package has a postinst script which does all sort of funky
stuff with generating keys pairs and certificates and whatnot (IOW, it
creates /etc/ipsec.secrets for you). debconf should have asked you if
you wanted to do that upon package installation. Are you saying that
part doesn't work for you?: reportbug openswan. Or are you saying you
didn't get the question at all? Configure debconf to lower the priority
of questions asked (man debconf.conf), or dpkg-reconfigure openswan
which will show you all low priority questions, no matter what.

By your own admission, you're a user. Following your line of reasoning
below, would you need to care how things interact with eachother

> I am just a user, not a developer, of ipsec and OpenSwan. Ask me anything about C++ and I will be glad to answer it... I cannot know every thing of every thing I use in detail. 

Well, with ipsec in general and openswan in particular, IMO you should
pretty much have a clue about what you're doing. You can't expect a
generic package installation to be able to be a 1:1 match with your
particular situation. It can set up a few sane defaults for you, but
that's about all you can expect, IMO. You will have to read the manual
to get a good grasp on how to configure openswan (even the quickstart
manual on openswan.org will do for that, not to mention the stuff in
/usr/share/doc/openswan). How can a VPN ever be secure without verifying
how things are set up? Or better, doing it yourself? If you don't want
to bother, get an administrator to do it for you.

You're barking up the wrong tree, IMO, no offence.


Ferdinand O. Tempel

Your friendly neighborhood linuxops.net administrator.

Ferdinand O. Tempel

Your friendly neighborhood linuxops.net administrator.

More information about the Users mailing list