[Openswan Users] Debian packages needed.

Paul Wouters paul at xelerance.com
Fri Oct 8 00:01:07 CEST 2004


On Thu, 7 Oct 2004, Joost Kraaijeveld wrote:

> I do not question your helpfulness in any way (is this English???; anyway, I declare hereby that you have been always helpful to me), and I know what my problem is: I do not have an ipsec.secrets to start with (see attached barf file ;-)).

It seems Debian didn't properly not touch your ipsec.secrets and ipsec.conf files. It overwrote them with
standard package files. I see in the barf:

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
: RSA   {
/tmp/ipsec-postinst.be0f9Q
         }
: RSA   {
/tmp/ipsec-postinst.bISzH8
         }
: RSA   {
/tmp/ipsec-postinst.XlsM2g

This looks very odd to me. It seems the Debian installer tried to do something
but failed to do it properly. I've CC:ed Rene on this message, perhaps he 
can fix this problem.

> But my complaint is that I cannot find any info on how to make that file without disrupting my current Debian installation in any way (can it be done, how do I (re)use files etc.?). Should I create a ipsec.secrets into the /etc/ipsec.d directory structure or not? If so, why and how should I do that? If not, what does this directory structure mean in relation to the ipsec.conf file?

Your barf shows that there is nothing left undisturbed. There are no secrets and no connections defined
anywhere.

You can create a new RSA key, but I don't think you'll have much use out of it, unless you will
configure the remote site as well. I am not sure if you were even using raw rsa keys to begin
with.

The command to generate this is: ipsec newhostkey --output /etc/ipsec.secrets

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"
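
Added example, not part of the original message and not Openswan or Debian code: a check for the breakage shown in the barf, where ": RSA {" blocks hold a leftover /tmp/ipsec-postinst.* path instead of key material. It assumes the field names that ipsec newhostkey normally writes (Modulus through Coefficient); check_secrets is a hypothetical name.

```python
import re

# Assumption: the field names `ipsec newhostkey` writes inside a ": RSA {" block.
REQUIRED = {"Modulus", "PublicExponent", "PrivateExponent",
            "Prime1", "Prime2", "Exponent1", "Exponent2", "Coefficient"}
BLOCK_OPEN = re.compile(r"^[^:]*:\s*RSA\s*\{$")
FIELD = re.compile(r"^(\w+):\s*0x[0-9a-fA-F]+$")
# The broken blocks exactly as quoted from the barf in the message above.
SAMPLE = """\
: RSA   {
/tmp/ipsec-postinst.be0f9Q
         }
: RSA   {
/tmp/ipsec-postinst.bISzH8
         }
: RSA   {
/tmp/ipsec-postinst.XlsM2g
"""

def check_secrets(text):
    """Return [(start_line, problem), ...] for every broken RSA block."""
    problems, start, fields, junk = [], None, set(), []
    def finish(closed):
        missing = sorted(REQUIRED - fields)
        if junk:
            problems.append((start, "non-key content: " + junk[0]))
        elif missing:
            problems.append((start, "missing: " + ", ".join(missing)))
        if not closed:
            problems.append((start, "block never closed"))
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # comments carry no key data
        field = FIELD.match(line)
        if BLOCK_OPEN.match(line):
            if start is not None:             # previous block had no "}"
                finish(False)
            start, fields, junk = no, set(), []
        elif start is None or not line:       # blank, or a non-RSA entry
            continue
        elif line == "}":
            finish(True)
            start = None
        elif field:
            fields.add(field.group(1))
        else:
            junk.append(line)
    if start is not None:                     # file ended inside a block
        finish(False)
    return problems
```

Run it on the text of /etc/ipsec.secrets before restarting pluto; an empty list means every RSA block is complete and closed.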

