[Openswan Users] Openswan Fedora 11 and SELinux issues

Scott Selvia selvia_scott at hotmail.com
Mon Jun 29 08:25:05 EDT 2009

The bulk of the SELinux messages were part of the original post, I had to leave out some of the details because it would not all fit as one complete message on the Fedora Forum.  Since this is my home machine and I'm trying to VPN into the corporate network, I'll repost the SELinux details this evening.

I'll give the compile/install a try, since I can't control the VPN server, I don't think they have X.509 connections setup at this point.

If the the compile/install does not work then I guess I'll switch back to Ubuntu...

Thanks for the feedback, at least I have received a response from Openswan.  The Fedora forum post has plenty of views but no replies.


> Date: Sun, 28 Jun 2009 17:40:16 -0400
> From: paul at xelerance.com
> To: selvia_scott at hotmail.com; avagarwa at redhat.com
> CC: users at openswan.org
> Subject: Re: [Openswan Users] Openswan Fedora 11 and SELinux issues
> On Sun, 28 Jun 2009, Scott Selvia wrote:
> > New to F11 but I have openswan working in ubuntu. Openswan installed
> > without problems but when I run ipsec setup --start I get SELinux
> > errors.
> Can you show us the SElinux errors?
> > A co-worker using F10 has the same ipsec.conf working just fine
> > but he disabled the SELinux, which I would rather not do. Here is the
> > ipsec.conf and my company.conf:
> > 
> > Any help would be great?????
> > conn company
> > authby=secret
> RedHat has broken support for PSK (secret) when they enforced NSS support
> for Openswan (for crypto certification).
> You will have to either compile/install an openswan with NSS disabled,
> or setup an NSS based X.509 connection instead.
> Paul

Lauren found her dream laptop. Find the PC that’s right for you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090629/ca227af3/attachment.html 

More information about the Users mailing list