[Openswan Users] Openswan Fedora 11 and SELinux issues

Scott Selvia selvia_scott at hotmail.com
Fri Jul 3 16:28:50 EDT 2009


Well I did the recompile as noted by the following:

http://fedoraforum.org/forum/showthread.php?t=224391

All worked well and I'm up and running, I still have a question though:

Since this was working in F10 and is now not working in F11 (as you said,
RedHat broke it), is this something that you are going to have to code
around, or does RedHat agree that they broke it?

I did chat with our Network Admin and they are setting up a new router
and when they do they will implement user id's and passwords along with
certificates.  So with that change I'll have to update the ipsec.conf.
I have not looked at the complete openswan doc, but I assume there is
support for user id, password, and certificates?

Thanks for your help,

Scott

On Mon, 2009-06-29 at 12:25 +0000, Scott Selvia wrote:
> The bulk of the SELinux messages were part of the original post, I had
> to leave out some of the details because it would not all fit as one
> complete message on the Fedora Forum.  Since this is my home machine
> and I'm trying to VPN into the corporate network, I'll repost the
> SELinux details this evening.
> 
> I'll give the compile/install a try, since I can't control the VPN
> server, I don't think they have X.509 connections setup at this point.
> 
> If the compile/install does not work then I guess I'll switch back
> to Ubuntu...
> 
> Thanks for the feedback, at least I have received a response from
> Openswan.  The Fedora forum post has plenty of views but no replies.
> 
> Scott
> 
> > Date: Sun, 28 Jun 2009 17:40:16 -0400
> > From: paul at xelerance.com
> > To: selvia_scott at hotmail.com; avagarwa at redhat.com
> > CC: users at openswan.org
> > Subject: Re: [Openswan Users] Openswan Fedora 11 and SELinux issues
> > 
> > On Sun, 28 Jun 2009, Scott Selvia wrote:
> > 
> > > New to F11 but I have openswan working in ubuntu. Openswan installed
> > > without problems but when I run ipsec setup --start I get SELinux
> > > errors.
> > 
> > Can you show us the SElinux errors?
> > 
> > > A co-worker using F10 has the same ipsec.conf working just fine
> > > but he disabled the SELinux, which I would rather not do. Here is the
> > > ipsec.conf and my company.conf:
> > > 
> > > Any help would be great?????
> > 
> > > conn company
> > > authby=secret
> > 
> > RedHat has broken support for PSK (secret) when they enforced NSS support
> > for Openswan (for crypto certification).
> > 
> > You will have to either compile/install an openswan with NSS disabled,
> > or setup an NSS based X.509 connection instead.
> > 
> > Paul
> 
> 


