[Openswan Users] Troubleshooting pluto crash - NSS related

Paul Wouters paul at xelerance.com
Thu Jul 21 09:57:45 EDT 2011


On Thu, 21 Jul 2011, Kevin Keane wrote:

> I'm trying to get openswan to establish an IPSec connection to my Sonicwall firewall. It works fine with a shared secret, but I can't get openswan to work with certificates. I'm using CentOS 5.6, with openswan 2.6.21-5.el5_6.4
>
> This version of Openswan uses NSS for certificate management. Unfortunately, as soon as I add my client certificate to the NSS database, pluto crashes with an error "NSS: slot for DH key gen is NULL" when the peer first tries to connect.
>
> This seems to be strictly related to the certificate database, not to the actual connection configuration. It happens even if I leave my tunnel configured for shared secret. I can resolve the problem simply by deleting the three certificate DB files and restarting openswan; a new, empty, certificate database does not trigger this problem.
>
> Any ideas how to solve this would be appreciated!

Can you do this with plutodebug=all and post it to the list?

Paul

