[Openswan Users] Trying to figure out how to import ipsec.secrets or hostkey.secrets into this new NSS database

Greg Scott GregS at Infrasupport.com
Thu May 20 10:30:05 EDT 2010


I've been poring over everything I can find - evidently the
ipsec.secrets file and Fedora's hostkey.secrets file are now obsolete?  

I have an older version of Openswan running on a system that I need to
replace with newer hardware.  I think the old system was Red Hat Linux
9.0, so it's really old and it might be so old it's running FreeS/WAN.
The new system will use Fedora 12.  Anyway, I want to preserve the
.secrets file on the old system with the new system, so I don't have to
modify the conn definitions at the branch sites.  

This used to be easy - just copy the appropriate .secrets file to the
new location on the new system.  But evidently, this is no longer so
straightforward.  Looking at an earlier thread that I was hoping could
shed some light on the new situation:

> You need to create/import your certificate in the NSS database. There is
> a README.nss in the openswan package that gives details how to do it,
> and how to use certificates with NSS.
>
> Avesh

Wonderful.  So where is this readme file?  Did the Red Hat folks not
include it in their RPM?

[root@Stylmark-fw2 ~]# rpm -qa | grep swan
openswan-2.6.25-1.fc12.i686
[root@Stylmark-fw2 ~]# find / -name README.nss
[root@Stylmark-fw2 ~]# find / -name readme.nss
[root@Stylmark-fw2 ~]# find / -name readme.NSS
[root@Stylmark-fw2 ~]# find / -name README.NSS
[root@Stylmark-fw2 ~]# find / -name *.NSS
[root@Stylmark-fw2 ~]# find / -name *.nss
[root@Stylmark-fw2 ~]#
[root@Stylmark-fw2 ~]#
[root@Stylmark-fw2 ~]# # Just to make sure my find isn't messed up...
[root@Stylmark-fw2 ~]# touch a.bcd
[root@Stylmark-fw2 ~]# find / -name *.bcd
/root/a.bcd
[root@Stylmark-fw2 ~]#

I also just have to ask because I haven't been able to find anything
that tells me why - if the old way of doing keys wasn't broken, why
change it? And are there any more surprises coming up?

Thanks

- Greg Scott

