[Openswan Users] Openswan Fedora 11 and SELinux issues
selvia_scott at hotmail.com
Fri Jul 3 16:28:50 EDT 2009
Well I did the recompile as noted by the following:
All worked well and I'm up and running, I still have a question though:
Since this was working in F10 and now not working in F11 (as you said,
RedHat broke it), is this something that you are going to have to code
around or does RedHat agree that they broke it?
I did chat with our Network Admin and they are setting up a new router
and when they do they will implement user id's and passwords along with
certificates. So with that change I'll have to update the ipsec.conf.
I have not looked at the complete openswan doc, but I assume there is
support for user id, password, and certificates?
Thanks for your help,
On Mon, 2009-06-29 at 12:25 +0000, Scott Selvia wrote:
> The bulk of the SELinux messages were part of the original post, I had
> to leave out some of the details because it would not all fit as one
> complete message on the Fedora Forum. Since this is my home machine
> and I'm trying to VPN into the corporate network, I'll repost the
> SELinux details this evening.
> I'll give the compile/install a try, since I can't control the VPN
> server, I don't think they have X.509 connections setup at this point.
> If the compile/install does not work then I guess I'll switch back
> to Ubuntu...
> Thanks for the feedback, at least I have received a response from
> Openswan. The Fedora forum post has plenty of views but no replies.
> > Date: Sun, 28 Jun 2009 17:40:16 -0400
> > From: paul at xelerance.com
> > To: selvia_scott at hotmail.com; avagarwa at redhat.com
> > CC: users at openswan.org
> > Subject: Re: [Openswan Users] Openswan Fedora 11 and SELinux issues
> > On Sun, 28 Jun 2009, Scott Selvia wrote:
> > > New to F11 but I have openswan working in ubuntu. Openswan
> > > without problems but when I run ipsec setup --start I get SELinux
> > > errors.
> > Can you show us the SELinux errors?
> > > A co-worker using F10 has the same ipsec.conf working just fine
> > > but he disabled the SELinux, which I would rather not do. Here is
> > > ipsec.conf and my company.conf:
> > >
> > > Any help would be great?????
> > > conn company
> > > authby=secret
> > RedHat has broken support for PSK (secret) when they enforced NSS
> > for Openswan (for crypto certification).
> > You will have to either compile/install an openswan with NSS
> > or setup an NSS based X.509 connection instead.
> > Paul