[Openswan Users] Private Keys disabled

Marcos Roberto Greiner rgreiner at usp.br
Mon Jun 11 08:52:53 EDT 2007


Hi,

I recently installed Openswan on a Debian 4.0 box, but in the verify
step I got the following situation:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

The private keys seem to be disabled. In the /etc/ipsec.secrets file, I
got the following entry:
: RSA /etc/ipsec.d/private/server_nameKey.pem

The mentioned file is present. I've installed via Debian's apt, and
didn't change any setup so far. I didn't manage to find a document
explaining how to enable the private keys. All documents I found always
assumed that the private keys above were installed properly. Could someone
point me to a document handling the situation?

The OpenSwan version I've installed is 2.4.6

Thank you very much,

Roberto


PS: A curiosity. I noticed something weird when typing ipsec --help.
Some of the available commands seemed duplicated, so I typed ipsec
--help|sort, to see if there were more. To my surprise every single
command displayed was duplicated. Is that normal? That's the output I
received with the sort:

server:~# ipsec --help|sort

        auto
        auto
        barf
        barf
        calcgoo
        calcgoo
        eroute
        eroute
        ikeping
        ikeping
        ipsec_pr.template
        ipsec_pr.template
        klipsdebug
        klipsdebug
        livetest
        livetest
        look
        look
        mailkey
        mailkey
        manual
        manual
Most of these have their own manual pages, e.g. ipsec_auto(8).
        newhostkey
        newhostkey
        pf_key
        pf_key
        pluto
        pluto
        ranbits
        ranbits
        rsasigkey
        rsasigkey
        secrets
        secrets
See also <http://www.freeswan.org> or the ipsec(8) manual page.
        send-pr
        send-pr
        setup
        setup
        showdefaults
        showdefaults
        showhostkey
        showhostkey
        spi
        spi
        spigrp
        spigrp
        tncfg
        tncfg
Usage: ipsec command argument ...
        verify
        verify
        whack
        whack
where command is one of:




-- 
  -----------------------------------------------------
                Marcos Roberto Greiner

   Optimists think that we live in the best of all worlds
    Pessimists are afraid that this is true
                                       Murphy
  -----------------------------------------------------

