[Openswan Users] NSS and openswan 2.6.25

Avesh Agarwal avagarwa at redhat.com
Mon May 24 09:58:46 EDT 2010


On 05/23/2010 04:47 PM, Martin Nield wrote:
> Sirs,
>
> I have read the README.nss text file that comes with openswan 2.6.25 and am unable to make ipsec work. However, my
> configuration does work with openswan 2.6.23 using NSS database and RSA keys as described in the README.nss file.
> When I attempt to bring up the connection using openswan 2.6.25, I get the following error:
>
> 003 "/etc/ipsec.d/ipsec.secrets" line 2: NSS certificate not found
>
>    
Are you using the NSS sql database format? You can check this by seeing whether 
you have cert9.db and key4.db in your /etc/ipsec.d dir. If so, please export 
the environment variable NSS_DEFAULT_DB_TYPE="sql" (export 
NSS_DEFAULT_DB_TYPE="sql"). The reason is that the latest Openswan 
releases have been changed to use the old NSS database format by default.

Thanks and Regards
Avesh


> Please advise what I need to alter in my configuration to make it work for openswan 2.6.25. What follows is my
> ipsec.conf for your consideration:
>
>    


> ipsec.conf
> ----
> version 2.0
>
> config setup
> interfaces = "ipsec0=eth0"
>
> conn %default
> keyingtries = 0
> leftrsasigkey = %cert
> rightrsasigkey = %cert
> rekey = no
> esp = "aes-sha1"
> ike = "aes-sha1"
> type = transport
> auto = add
>
> conn left-right
> left = left.example.com
> leftid = "CN=left.example.com"
> leftcert = left
> leftsourceip = left.example.com
> leftnexthop = right.example.com
> right = right.example.com
> rightid = "CN=right.example.com"
> rightcert = right
> rightsourceip = right.example.com
> rightnexthop = left.example.com
> ----
>
> ipsec.secrets
> ----
> @left.example.com : RSA left
> ----
>
> nsspassword
> ----
> NSS Certificate DB:nss_password
> ----
>
> Many thanks in advance,
>
> Martin
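The check described in the reply, as an added example that is not part of the original message: a shell script that reports which NSS database format a directory holds and whether NSS_DEFAULT_DB_TYPE needs to be set. The function names are hypothetical, and the legacy file names cert8.db and key3.db are the standard NSS ones, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): report which NSS database
# format a directory holds, using the file names that distinguish them:
#   sql format    -> cert9.db + key4.db   (named in the reply above)
#   legacy (dbm)  -> cert8.db + key3.db   (standard NSS legacy names; assumption
#                                          in the sense that the thread omits them)

# Print one of: sql, dbm, both, none. A format only counts when both the
# certificate file and the key file are present.
nss_db_format() {
    dir=$1
    has_sql=no
    has_dbm=no
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then has_sql=yes; fi
    if [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then has_dbm=yes; fi
    case "$has_sql/$has_dbm" in
        yes/yes) echo both ;;
        yes/no)  echo sql ;;
        no/yes)  echo dbm ;;
        *)       echo none ;;
    esac
}

# Turn the detected format into the action suggested in the reply.
nss_db_advice() {
    case "$(nss_db_format "$1")" in
        sql)
            echo 'sql database only: export NSS_DEFAULT_DB_TYPE="sql" in the environment that starts ipsec' ;;
        dbm)
            echo 'legacy database only: matches the default described in the reply, no variable needed' ;;
        both)
            echo 'both formats present: the legacy one is the default unless NSS_DEFAULT_DB_TYPE="sql" is exported' ;;
        none)
            echo 'no complete NSS database (certificate file plus key file) found' ;;
    esac
}

# Check the directory given as the first argument, or /etc/ipsec.d.
nss_db_advice "${1:-/etc/ipsec.d}"
```

Once the format is known, `certutil -L -d sql:/etc/ipsec.d` lists the certificate nicknames in the sql database, which shows whether the nickname used in ipsec.secrets is actually there.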