[Openswan Users] Debian packages needed.

Rene Mayrhofer rene.mayrhofer at gibraltar.at
Fri Oct 8 01:28:29 CEST 2004

Paul Wouters wrote:
> # RSA private key for this host, authenticating it to any other host
> # which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
> # or configuration of other implementations, can be extracted conveniently
> # with "[sums to ef67...]".
> : RSA   {
> /tmp/ipsec-postinst.be0f9Q
>         }
> : RSA   {
> /tmp/ipsec-postinst.bISzH8
>         }
> : RSA   {
> /tmp/ipsec-postinst.XlsM2g
> This looks very odd to me. It seems the debian installer tried to do 
> something
> but failed to do it properly. I've CC:ed Rene on this message, perhaps 
> he can fix this problem.
He already did ;-)

This is a known issue with earlier versions of the openswan package when 
creating plain RSA keys instead of using X.509 certificates (which is 
what I am using myself and thus testing far more thoroughly than the 
auto-creation of plain RSA keys). Sorry for that issue, it has been 
caused by a cut&paste error when converting the postinst script from 
freeswan to openswan. Please update to the current version from Debian 
unstable (2.2.0-4) to fix the issue. Unfortunately a broken file will 
not get fixed automatically, so the simplest method is to dpkg --purge 
it (which should remove /etc/ipsec.secrets) and re-install the new package.

Hope this helps,

More information about the Users mailing list