[Openswan Users] Fwd: Re: Openswan connecting to Libreswan

Martin Erasmus martin at onyx.co.za
Fri Dec 6 15:05:25 UTC 2013


Hi Paul

If I do not update my openswan on my server but run the steps below, will 
that affect my existing openswan connection?

I am running one box in a remote office that is running a very old version 
of Linux and openswan on very old hardware, and all this system does is 
act as a gateway. If I upgrade my server to libreswan, will this old 
version of openswan connect to libreswan?

thanks


-------- Original Message --------
Subject: 	Re: [Openswan Users] Openswan connecting to Libreswan
Date: 	Fri, 29 Nov 2013 09:43:13 -0500 (EST)
From: 	Paul Wouters <paul at nohats.ca>
To: 	Martin Erasmus <martin at onyx.co.za>
CC: 	users at lists.openswan.org, swan at lists.libreswan.org



On Fri, 29 Nov 2013, Martin Erasmus wrote:

> I am now trying to add a new FC 18 system, this version of openswan does not
> run on fc 18 as it comes up with unable to determine address for ...,

Fedora has obsoleted openswan and replaced it with libreswan. If you run
a yum update it should update your old openswan to the latest libreswan.

> So I
> have had to install Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64
> on the new system. I have changed the ipsec.conf file. I am now getting the
> error "no RSA public key known for "serverip"

Your private key in /etc/ipsec.secrets (or via include files) is not
being used. It has to be generated from within the secure NSS store.

> authby=secret|rsasig
> leftrsasigkey=0sAQNpNCFEGH
> rightrsasigkey=0sAQNueZGtVe

run this:

ipsec stop (if already running)
rm /etc/ipsec.d/*db   (if running libreswan < 3.6-2 and it has been started once)
ipsec initnss         (if running libreswan < 3.6-2 and it has been started once)
ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --configdir /etc/ipsec.d

Then run "ipsec showhostkey --left" to get your new public raw RSA key.

Also change authby to be just: authby=rsasigkey

Paul
-- 
Libreswan Developer - https://libreswan.org/
Red Hat Security - http://people.redhat.com/pwouters/
Personal Blog - https://nohats.ca/
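
A pre-flight check for the settings quoted in this thread, added here as an example (it is not from either poster and not part of openswan or libreswan): it lists each conn that uses RSA signature authentication but has more than one method in authby or lacks a raw public key for one side. The function names, the conn names, the addresses and the sample file are constructed; the key strings are the truncated ones quoted above, and "conn %default" and "also=" inheritance are not resolved.

```shell
#!/bin/sh
# Added example: lint an ipsec.conf for conns that use RSA signature
# authentication without a raw public key configured for both ends.
check_rsasig_conns() {
    awk '
    function report() {
        if (conn == "" || auth !~ /rsasig/) return
        if (auth ~ /\|/) print conn ": authby lists more than one method (" auth ")"
        if (!("leftrsasigkey" in kv))  print conn ": no leftrsasigkey"
        if (!("rightrsasigkey" in kv)) print conn ": no rightrsasigkey"
    }
    { sub(/#.*/, "") }                        # drop comments
    /^conn[ \t]+/ { report(); conn = $2; auth = ""; split("", kv); next }
    /^[^ \t]/     { report(); conn = ""; next }   # another section ends the conn
    conn != "" && /=/ {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)     # trim indentation
        key = substr(line, 1, index(line, "=") - 1)
        val = substr(line, index(line, "=") + 1)
        if (key == "authby") auth = val; else kv[key] = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample configuration (documentation addresses, truncated keys).
sample_conf() {
    cat <<'EOF'
config setup
    protostack=netkey

conn office-old
    authby=secret|rsasig
    left=192.0.2.1
    leftrsasigkey=0sAQNpNCFEGH
    right=198.51.100.7

conn office-new
    authby=rsasig
    left=192.0.2.1
    leftrsasigkey=0sAQNpNCFEGH
    right=198.51.100.7
    rightrsasigkey=0sAQNueZGtVe
EOF
}

conf=$(mktemp); sample_conf > "$conf"; check_rsasig_conns "$conf"; rm -f "$conf"
```

Run it against the real /etc/ipsec.conf on each gateway before restarting the service; a conn that prints nothing has a single authby method and both public keys present.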


