[Openswan Users] ipsec auto --rereadkeys fails on Fedora 12 with NSS disable
joe at pyx.ch
Mon Dec 28 17:26:41 EST 2009
I'm just about to upgrade to Fedora 12 and learned the whole story about NSS.
So for a quick start, I recompiled the RPM with NSS turned off. So I'm now
running with Openswan 2.6.23, with my configuration migrated from Fedora 8
(with Openswan 2.4.9), and have 2 problems left.

1) I have a tunnel authenticated with a certificate, and the following
configuration in /etc/ipsec.d/pyx.secrets

    : RSA JoeLaptopKey.pem %prompt

When I start ipsec during boot, it says (as expected) "use ipsec
auto --rereadkeys to load keys". When I try this, ipsec auto complains about
an invalid configuration in the file with the configuration above. If I put
the correct passphrase in place of the "%prompt%", it works as expected and
the tunnel starts up.

2) If I put the correct passphrase and although the tunnel seems to come up
correctly (at least it says "STATE_QUICK_I2: sent QI2, IPsec SA
established"), communication is still not possible. Also, I'm missing any
sign of the IP address and the routes being added. ip addr list and ip route
list don't show anything about the IPsec addresses that I would expect.

Any hints? I'm a bit lost.