[Openswan Users] Fwd: Re: Openswan connecting to Libreswan
Martin Erasmus
martin at onyx.co.za
Fri Dec 6 15:05:25 UTC 2013
Hi Paul
If I do not update my openswan on my server but run the steps below, will
that affect my existing openswan connection?
I am running one box in a remote office that is running a very old version
of Linux and openswan on very old hardware and all this system does is
act as a gateway. If I upgrade my server to libreswan, will this old
version of openswan connect to libreswan?
Thanks
-------- Original Message --------
Subject: Re: [Openswan Users] Openswan connecting to Libreswan
Date: Fri, 29 Nov 2013 09:43:13 -0500 (EST)
From: Paul Wouters <paul at nohats.ca>
To: Martin Erasmus <martin at onyx.co.za>
CC: users at lists.openswan.org, swan at lists.libreswan.org
On Fri, 29 Nov 2013, Martin Erasmus wrote:
> I am now trying to add a new FC 18 system, this version of openswan does not
> run on fc 18 as it comes up with unable to determine address for ...,
Fedora has obsoleted openswan and replaced it with libreswan. If you run
a yum update it should update your old openswan to the latest libreswan.
> So I
> have had to install Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64
> on the new system. I have changed the ipsec.conf file. I am now getting the
> error "no RSA public key known for "serverip"
Your private key in /etc/ipsec.secrets (or via include files) is not
being used. It has to be generated from within the secure NSS store.
> authby=secret|rsasig
> leftrsasigkey=0sAQNpNCFEGH
> rightrsasigkey=0sAQNueZGtVe
Run this:
ipsec stop (if already running)
rm /etc/ipsec.d/*db (if running libreswan < 3.6-2 and it has been started once)
ipsec initnss (if running libreswan < 3.6-2 and it has been started once)
ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --configdir /etc/ipsec.d
Then run "ipsec showhostkey --left" to get your new public raw RSA key.
Also change authby to be just: authby=rsasigkey
Paul
--
Libreswan Developer - https://libreswan.org/
Red Hat Security - http://people.redhat.com/pwouters/
Personal Blog - https://nohats.ca/