[Openswan Users] Trying to figure out how to import ipsec.secrets or hostkey.secrets into this new NSS database
Greg Scott
GregS at Infrasupport.com
Thu May 20 10:30:05 EDT 2010
I've been pouring over everything I can find - evidently the
ipsec.secrets file and Fedora's hostkey.secrets file is now obsolete?
I have an older version of Openswan running on a system that I need to
replace with newer hardware. I think the old system was Red Hat Linux
9.0, so it's really old and it might be so old it's running Free S/WAN.
The new system will use Fedora 12. Anyway, I want to preserve the
.secrets file on the old system with the new system, so I don't have to
modify the conn definitions at the branch sites.
This used to be easy - just copy the appropriate .secrets file to the
new location on the new system. But evidently, this is no longer so
straightforward. Looking at an earlier thread that I was hoping could
shed some light on the new situation:
> You need to create/import your certificate in the NSS database. There
is
> a README.nss in the openswan package that gives details how to do it,
> and how to use certificates with NSS.
>
> Avesh
Wonderful. So where is this readme file? Did the Red Hat folks not
include it in their RPM?
[root at Stylmark-fw2 ~]# rpm -qa | grep swan
openswan-2.6.25-1.fc12.i686
[root at Stylmark-fw2 ~]# find / -name README.nss
[root at Stylmark-fw2 ~]# find / -name readme.nss
[root at Stylmark-fw2 ~]# find / -name readme.NSS
[root at Stylmark-fw2 ~]# find / -name README.NSS
[root at Stylmark-fw2 ~]# find / -name *.NSS
[root at Stylmark-fw2 ~]# find / -name *.nss
[root at Stylmark-fw2 ~]#
[root at Stylmark-fw2 ~]#
[root at Stylmark-fw2 ~]# # Just to make sure my find isn't messed up...
[root at Stylmark-fw2 ~]# touch a.bcd
[root at Stylmark-fw2 ~]# find / -name *.bcd
/root/a.bcd
[root at Stylmark-fw2 ~]#
I also just have to ask because I haven't been able to find anything
that tells me why - if the old way of doing keys wasn't broken, why
change it? And are there any more surprises coming up?
Thanks
- Greg Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100520/d90fbb2a/attachment.html
More information about the Users
mailing list