[Openswan Users] Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]

Paul Wouters paul at xelerance.com
Thu Nov 2 16:04:53 EST 2006

On Thu, 2 Nov 2006, André Marascalchi Zenun wrote:

> I finally have my kernel running and OpenSwan 2.4.6 running!
> I just have one issue that I'm not sure if is serious!
> When I execute "ipsec verify" I get the following:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.6/K2.4.7rc2 (klips)
> Checking for IPsec support in kernel                            [OK]
> Checking for RSA private key (/etc/ipsec.secrets)             [DISABLED]
>   ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing                                  [N/A]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                              [DISABLED]
> I would like to know why I get this "[DISABLED]" in the RSA private key
> verification!
> In the ipsec.secrets I have this:
> : RSA /etc/ipsec.d/private/vpnKey.pem
> This is the default when I install OpenSwan using APT!
> Could some one give some help?

You can ignore the error, or do:

ipsec newhostkey --file /root/tmpkey
cat /root/tmpkey >> /etc/ipsec.secrets
rm /root/tmpkey


Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list