[Openswan Users] NSS and openswan 2.6.25

Martin Nield member at mandp.freeserve.co.uk
Sun May 23 16:47:17 EDT 2010


I have read the README.nss text file that comes with openswan 2.6.25 and am unable to make ipsec work. However, my 
configuration does work with openswan 2.6.23 using NSS database and RSA keys as described in the README.nss file. 
When I attempt to bring up the connection using openswan 2.6.25, I get the following error:

003 "/etc/ipsec.d/ipsec.secrets" line 2: NSS certificate not found

Please advise what I need to alter in my configuration to make it work for openswan 2.6.25. What follows is my 
ipsec.conf for your consideration:

version 2.0

config setup
interfaces = "ipsec0=eth0"

conn %default
keyingtries = 0
leftrsasigkey = %cert
rightrsasigkey = %cert
rekey = no
esp = "aes-sha1"
ike = "aes-sha1"
type = transport
auto = add

conn left-right
left = left.example.com
leftid = "CN=left.example.com"
leftcert = left
leftsourceip = left.example.com
leftnexthop = right.example.com
right = right.example.com
rightid = "CN=right.example.com"
rightcert = right
rightsourceip = right.example.com
rightnexthop = left.example.com

@left.example.com : RSA left

NSS Certificate DB:nss_password

Many thanks in advance,


More information about the Users mailing list