[Openswan Users] ipsec auto --rereadkeys fails on Fedora 12 with NSS disable
Joe Ammann
joe at pyx.ch
Mon Dec 28 17:26:41 EST 2009
Hi everybody
I'm just about to upgrade to Fedora 12 and learned the whole story about NSS.
So for a quick start, I recompiled the RPM with NSS turned off. So I'm now
running with Openswan 2.6.23, with my configuration migrated from Fedora 8
(with Openswan 2.4.9), and have 2 problems left.

1) I have a tunnel authenticated with a certificate, and the following
configuration in /etc/ipsec.d/pyx.secrets:

    : RSA JoeLaptopKey.pem %prompt

When I start ipsec during boot, it says (as expected) "use ipsec
auto --rereadkeys to load keys". When I try this, ipsec auto complains about
an invalid configuration in the file with the configuration above. If I put
the correct passphrase in place of the "%prompt%", it works as expected and
the tunnel starts up.

2) If I put in the correct passphrase, the tunnel seems to come up
correctly (at least it says "STATE_QUICK_I2: sent QI2, IPsec SA
established"), but communication is still not possible. Also, I'm missing any
sign of the IP address and the routes being added. ip addr list and ip route
list don't show anything about the IPsec addresses that I would expect.

Any hints? I'm a bit lost.
--
CU, Joe