[Openswan Users] Openswan connecting to Libreswan
Paul Wouters
paul at nohats.ca
Fri Nov 29 14:43:13 UTC 2013
On Fri, 29 Nov 2013, Martin Erasmus wrote:
> I am now trying to add a new FC 18 system, this version of openswan does not
> run on fc 18 as it comes up with unable to determine address for ...,
Fedora has obsoleted openswan and replaced it with libreswan. If you run
a yum update it should update your old openswan to the latest libreswan.
> So I
> have had to install Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64
> on the new system. I have changed the ipsec.conf file. I am now getting the
> error "no RSA public key known for "serverip"
Your private key in /etc/ipsec.secrets (or via include files) is not
being used. It has to be generated from within the secure NSS store.
> authby=secret|rsasig
> leftrsasigkey=0sAQNpNCFEGH
> rightrsasigkey=0sAQNueZGtVe
Run this:
ipsec stop (if already running)
rm /etc/ipsec.d/*db (if running libreswan < 3.6-2 and it has been started once)
ipsec initnss (if running libreswan < 3.6-2 and it has been started once)
ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --configdir /etc/ipsec.d
Then run "ipsec showhostkey --left" to get your new public raw RSA key.
Also change authby to be just: authby=rsasigkey
Paul
--
Libreswan Developer - https://libreswan.org/
Red Hat Security - http://people.redhat.com/pwouters/
Personal Blog - https://nohats.ca/