[Openswan Users] Openswan Fedora 11 and SELinux issues

Paul Wouters paul at xelerance.com
Sun Jun 28 17:40:16 EDT 2009

On Sun, 28 Jun 2009, Scott Selvia wrote:

> New to F11 but I have openswan working in ubuntu. Openswan installed
> without problems but when I run ipsec setup --start I get SELinux
> errors.

Can you show us the SElinux errors?

> A co-worker using F10 has the same ipsec.conf working just fine
> but he disabled the SELinux, which I would rather not do. Here is the
> ipsec.conf and my company.conf:
> Any help would be great?????

> conn company
> authby=secret

RedHat has broken support for PSK (secret) when they enforced NSS support
for Openswan (for crypto certification).

You will have to either compile/install an openswan with NSS disabled,
or setup an NSS based X.509 connection instead.


More information about the Users mailing list