[Openswan Users] can not load private key which is in ipsec.d/private

MichaelLeung gbcbooksmj at gmail.com
Sat Nov 29 06:19:18 EST 2014


Hi Laurent,

Do you compile Openswan yourself?

Actually, I compiled Openswan this time instead of installing it from the yum
repository.

All certificates and private keys are read properly now, but I am facing
another issue now; please see the following.

I compiled openswan-2.6.42 with the option USE_LIBNSS=false in Makefile.inc.

I have highlighted the lines which I think are important.

From the debug info, I think IPsec has passed phase 1 and is going into
phase, but is stuck in it.
No matter which authentication method I use, RSA or PSK, I get the same
error.
So I turned my focus to the ip command. I think they are related.

---------------------------------------------------------------------
[root@opensips openswan-2.6.42]# ipsec verify
Checking if IPsec got installed and started correctly:

Version check and ipsec on-path                         [OK]
Openswan U2.6.42/K2.6.32-71.el6.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel                    [OK]
  NETKEY: Testing XFRM related proc values
          ICMP default/send_redirects                    [OK]
          ICMP default/accept_redirects                  [OK]
          XFRM larval drop                               [OK]
Hardware random device check                            [N/A]
Checking rp_filter                                      [OK]
Checking that pluto is running                          [OK]
  Pluto listening for IKE on udp 500                     [OK]
  Pluto listening for IKE on tcp 500                     [NOT IMPLEMENTED]
  Pluto listening for IKE/NAT-T on udp 4500              [OK]
  Pluto listening for IKE/NAT-T on tcp 4500              [NOT IMPLEMENTED]
  Pluto listening for IKE on tcp 10000 (cisco)           [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing                          [TEST INCOMPLETE]
Checking 'ip' command                                   [IP XFRM BROKEN]
Checking 'iptables' command                             [OK]
-----------------------------------------------------------------------------------
[root@opensips openswan-2.6.42]# iptables -t nat -nvL --line-number
Chain PREROUTING (policy ACCEPT 191 packets, 26716 bytes)
num   pkts bytes target     prot opt in     out source               destination

Chain POSTROUTING (policy ACCEPT 470 packets, 28906 bytes)
num   pkts bytes target     prot opt in     out source               destination
1        0     0 MASQUERADE  all  --  * eth0    192.168.7.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT 470 packets, 28906 bytes)
num   pkts bytes target     prot opt in     out source               destination
---------------------------------------------------------------------------------------------

------------------------------------------------------------------- pluto debug log -----------

packet from 10.7.67.11:500: received Vendor ID payload [RFC 3947] method set to=115
packet from 10.7.67.11:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
packet from 10.7.67.11:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 10.7.67.11:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
packet from 10.7.67.11:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
packet from 10.7.67.11:500: received Vendor ID payload [Dead Peer Detection]
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: responding to Main Mode from unknown peer 10.7.67.11
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: STATE_MAIN_R1: sent MR1, expecting MI2
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: STATE_MAIN_R2: sent MR2, expecting MI3
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: Main mode peer ID is ID_IPV4_ADDR: '172.16.67.157'
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: deleting connection "L2TP-PSK-NAT" instance with peer 10.7.67.11 {isakmp=#0/ipsec=#0}
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: new NAT mapping for #1, was 10.7.67.11:500, now 10.7.67.11:4500
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: the peer proposed: 10.7.255.154/32:17/1701 -> 172.16.67.157/32:17/0
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: responding to Quick Mode proposal {msgid:f0afdbca}
"L2TP-PSK-NAT"[2] 10.7.67.11 #2:     us: 10.7.255.154<10.7.255.154>:17/1701
"L2TP-PSK-NAT"[2] 10.7.67.11 #2:   them: 10.7.67.11[172.16.67.157]:17/0===172.16.67.157/32
| warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Section 5.2
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
| warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Section 5.2
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x05335c89 <0x961dc879 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=10.7.67.11:4500 DPD=none}

-------------------------------------------------------------------------------------------------------------------


--Michael Leung
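
Reading a pluto log for how far each negotiation got, and whether a key-loading message was logged on the way, can be done mechanically. The following is an added example, not part of the original message and not Openswan code; the function names and the choice of key-loading markers are assumptions, and the sample lines are taken from the two logs in this thread with the e-mail wrapping and emphasis asterisks removed.

```python
import re

# Pluto lines taken from the two logs in this thread, with e-mail line wrapping
# and emphasis asterisks removed; the selection is constructed for this example.
PSK_LOG = """\
"L2TP-PSK-NAT"[1] 10.7.67.11 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"L2TP-PSK-NAT"[2] 10.7.67.11 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: responding to Quick Mode proposal {msgid:f0afdbca}
| warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Section 5.2
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"L2TP-PSK-NAT"[2] 10.7.67.11 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x05335c89 <0x961dc879 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=10.7.67.11:4500 DPD=none}
"""

RSA_LOG = """\
"L2TP-PSK-NAT"[1] 10.7.60.65 #1: I am sending my cert
"L2TP-PSK-NAT"[1] 10.7.60.65 #1: password file contains no data
"L2TP-PSK-NAT"[1] 10.7.60.65 #1: Can't find the private key from the NSS CERT (err -8177)
"L2TP-PSK-NAT"[1] 10.7.60.65 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"L2TP-PSK-NAT"[1] 10.7.60.65 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
"""

# Line shape: "conn"[instance] peer #sa: message
LINE_RE = re.compile(r'^"(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION_RE = re.compile(r"transition from state \S+ to state (STATE_\w+)")
ESTABLISHED_RE = re.compile(r"(ISAKMP|IPsec) SA established[^{]*\{([^}]*)\}")
# Assumption: these two messages, seen in this thread, mark a key-loading problem.
KEY_MARKERS = ("Can't find the private key", "password file contains no data")


def summarize(log_text):
    """Return {sa_number: summary} for every pluto state object in the log."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "packet from ..." and "| warning: ..." lines carry no SA number
        sa = sas.setdefault(int(m["sa"]), {
            "conn": m["conn"], "peer": m["peer"], "state": None,
            "established": None, "params": {}, "key_errors": [],
        })
        msg = m["msg"]
        t = TRANSITION_RE.search(msg)
        if t:
            sa["state"] = t.group(1)  # last state reached by this SA
        e = ESTABLISHED_RE.search(msg)
        if e:
            sa["established"] = e.group(1)  # "ISAKMP" (phase 1) or "IPsec" (phase 2)
            sa["params"] = dict(tok.split("=", 1) for tok in e.group(2).split() if "=" in tok)
        if any(marker in msg for marker in KEY_MARKERS):
            sa["key_errors"].append(msg)
    return sas


def phases(sas):
    """Return (phase1_established, phase2_established) for a summarize() result."""
    kinds = {sa["established"] for sa in sas.values()}
    return ("ISAKMP" in kinds, "IPsec" in kinds)


if __name__ == "__main__":
    for name, log in (("PSK", PSK_LOG), ("RSA", RSA_LOG)):
        result = summarize(log)
        print(name, phases(result), result)
```

On these sample lines the PSK run reports an ISAKMP SA on #1 and an IPsec SA on #2, while the RSA run reports an ISAKMP SA on #1 with two key-loading messages recorded and no IPsec SA.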







On 11/29/2014 06:59 PM, Jouannic Laurent wrote:
> Hi Michael,
>
> No,
>
> I made my certificate myself with openssh, using CA.sh, which is included
> with openssh
> (but you first need to build your root CA certificate with openssh), then:
> /theGoodPath//CA.sh -request
> /theGoodPath//CA.sh -sign
>
> You will get a newcert.pem and a newcert.key
>
> After that, with your newcert.pem, newcert.key and your
> rootCa.pem, generate a newcert.p12 with openssh for the other side.
>
> This is the only way I know.
>
> Good luck.
>
> Laurent
>
>
>
> On 29/11/2014 07:18, MichaelLeung wrote:
>> Hi Laurent
>>
>> I still cannot load the private key from ipsec.secrets properly.
>> Did you do something different?
>>
>> --Michael Leung
>>
>> On 11/29/2014 12:25 AM, Laurent Jouannic wrote:
>>> Hi Michael,
>>>
>>> Yes I used them for a while.
>>>
>>> _ipsec.conf:_
>>>
>>> conn site_A
>>>         leftid="C=FR, ST=FRANCE, L=city1, O=XXXX, OU=YYYY, CN=common_name1, Email=common_name1@domaine.fr"
>>>         leftsubnet=192.168.1.0/24
>>>         leftcert=cert1.pem
>>>         leftrsasigkey=%cert
>>>         right=65.109.74.42
>>>         rightsubnet=192.168.2.1/32
>>>         rightid="C=FR, ST=Sud, L=city2, O=XXXX, OU=ZZZZ, CN=common_name2, Email=common_name2@domaine.fr"
>>>         rightcert=cert2.pem
>>>         rightrsasigkey=%cert
>>>         rightca="C=FR, ST=Rhone, L=city1, O=XXXX, OU=MMMM, CN=common_name_CA, Email=common_name_CA@domaine.fr"
>>>         auto=add
>>>         pfs=yes
>>>
>>>
>>> _ipsec.secrets_
>>>
>>> : RSA cert1.key "pass_phrase_for_private_key"
>>>
>>>
>>> _files:_
>>>
>>> /etc/ipsec.d/certs/cert1.pem
>>> /etc/ipsec.d/certs/cert2.pem
>>> /etc/ipsec.d/private/cert1.key
>>> /etc/ipsec.d/private/cert2.key
>>> /etc/ipsec.d/cacerts/ca_certificate.pem
>>>
>>> And on the Win7 box with shrew soft:
>>> cert2.p12
>>>
>>> Cheers.
>>>
>>> Laurent
>>>
>>> On 28/11/2014 13:33, Michael Leung wrote:
>>>> Hi Laurent
>>>>
>>>> Did you find a way to make x509 work on the latest version of
>>>> Openswan?
>>>>
>>>>
>>>>
>>>> On Thu, Nov 27, 2014 at 6:40 PM, Laurent Jouannic
>>>> <laurent.jouannic at cbsa.fr> wrote:
>>>>
>>>>     Well,
>>>>
>>>>     I'm joking a bit about old way, new way,
>>>>
>>>>     But I've never used NSS stuff
>>>>
>>>>     Maybe you should generate another pkcs12 file, and when you
>>>>     generate it, change nexus.openswan.com - HCA to
>>>>     nexus.openswan.com-HCA
>>>>
>>>>     Cheers.
>>>>
>>>>     Laurent
>>>>
>>>>     On 27/11/2014 10:51, Michael Leung wrote:
>>>>>     Hi
>>>>>
>>>>>     My user certificate is a pkcs12 one; it has to contain a
>>>>>     private key,
>>>>>
>>>>>     and certutil cannot add it to its database, so I have to use
>>>>>     pk12util instead of certutil to insert the certificate into the NSS
>>>>>     certification DB; thus, see below
>>>>>
>>>>>     ---------------------------------
>>>>>
>>>>>     [root@opensips certs]# pk12util -n "nexus5.p12" -i /root/ipsec/CA/nexus/nexus5.p12 -d /etc/ipsec.d
>>>>>     Enter password for PKCS12 file:
>>>>>     *pk12util: no nickname for cert in PKCS12 file.*
>>>>>     pk12util: using nickname: nexus.openswan.com - HCA
>>>>>     pk12util: PKCS12 IMPORT SUCCESSFUL
>>>>>
>>>>>     -------------------------------------------------------
>>>>>
>>>>>     I specified the nickname which can be used as a value in
>>>>>     /leftcert/, but it failed; pk12util names the nickname
>>>>>     itself, and unfortunately it contains spaces,
>>>>>
>>>>>     that is why I have to put it in quotation marks.
>>>>>
>>>>>     I am wondering why the old way did not work. What is your
>>>>>     Openswan version?
>>>>>
>>>>>     Mine is Linux Openswan U2.6.32/K2.6.32-71.el6.x86_64 (netkey)
>>>>>
>>>>>     --Michael Leung
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>     On Thu, Nov 27, 2014 at 5:23 PM, Laurent Jouannic
>>>>>     <laurent.jouannic at cbsa.fr> wrote:
>>>>>
>>>>>         Hi,
>>>>>
>>>>>         I've never used NSS stuff, I'm driving old way, freewan's
>>>>>         way :)
>>>>>
>>>>>         Well I found some stuff on this url:
>>>>>
>>>>>         http://sophie.zarb.org/distrib/CentOS/5/i386/rpms/openswan-doc/files/12
>>>>>
>>>>>         NSS brings a new way:
>>>>>
>>>>>         Changes in the certificates usage with Pluto
>>>>>         ------------------------------------------------
>>>>>         1) ipsec.conf changes
>>>>>
>>>>>         The only change is "leftcert" field must contain the nick name of the user
>>>>>         cert. For example if the nickname of the user cert is "xyz", then it can be
>>>>>         "leftcert=xyz".
>>>>>
>>>>>         2) ipsec.secrets changes
>>>>>
>>>>>           : RSA <user-cert-nick-name>
>>>>>
>>>>>         You just need to provide the user cert's nick name. For example if the nickname
>>>>>         of the user cert is "xyz", then
>>>>>
>>>>>           : RSA xyz
>>>>>
>>>>>         There is no need to provide private key file information or its password.
>>>>>
>>>>>         3) changes in the directories in /etc/ipsec.d/ (cacerts, certs, private)
>>>>>         i)You need not have "private" or "certs" directory.
>>>>>
>>>>>
>>>>>         So
>>>>>
>>>>>         If I understood, you should have to use some *"* around
>>>>>         your /leftcert_value/
>>>>>
>>>>>         : RSA "gateway.openswan.com - HCA"
>>>>>         =>
>>>>>         : RSA gateway.openswan.com - HCA
>>>>>
>>>>>         But I guess that a space ' ' isn't welcome; maybe you
>>>>>         should change your certificate (strip the ' ') to get
>>>>>         gateway.openswan.com-HCA
>>>>>         instead of gateway.openswan.com - HCA
>>>>>
>>>>>         Good luck.
>>>>>
>>>>>
>>>>>
>>>>>         On 27/11/2014 02:58, Michael Leung wrote:
>>>>>>
>>>>>>         : RSA file. Key "password"
>>>>>>
>>>>>>         I tried this too; Openswan would consider it a nickname
>>>>>>         and then try to read it from the NSS certification DB.
>>>>>>
>>>>>>         On Nov 26, 2014 11:25 PM, "Laurent Jouannic"
>>>>>>         <laurent.jouannic at cbsa.fr> wrote:
>>>>>>
>>>>>>             This line is strange isn't it...
>>>>>>
>>>>>>             : RSA "gateway.openswan.com - HCA"
>>>>>>
>>>>>>             It should be like:
>>>>>>
>>>>>>             : RSA file.key "pass"
>>>>>>
>>>>>>             OR
>>>>>>
>>>>>>             @ID_connection: RSA {
>>>>>>                     # RSA 2 pow n bits   debian /date/
>>>>>>                     # for signatures only, UNSAFE FOR ENCRYPTION
>>>>>>                     #pubkey=/pubkey/
>>>>>>                     #IN KEY  xxxxx
>>>>>>             XYXYXYXYXYYXYYXY
>>>>>>                     # blablabla
>>>>>>                     Modulus:
>>>>>>                 MODMOD
>>>>>>                     PublicExponent: 51
>>>>>>                     # everything after this point is secret
>>>>>>                     PrivateExponent: 0xXXXXXX
>>>>>>                     Prime1: 0xXXXXXX
>>>>>>                     Prime2: 0xXXXXXX
>>>>>>                     Exponent1: 0xXXXXXX
>>>>>>                     Exponent2: 0xXXXXXX
>>>>>>                     Coefficient: 0xXXXXXX
>>>>>>                     }
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>             On 26/11/2014 10:35, Michael Leung wrote:
>>>>>>>             This is my ipsec.conf
>>>>>>>
>>>>>>>             version 2.0
>>>>>>>
>>>>>>>             config setup
>>>>>>>                     protostack=netkey
>>>>>>>                     nat_traversal=yes
>>>>>>>                     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>>>>>>                     oe=off
>>>>>>>                     dumpdir=/var/run/pluto/
>>>>>>>                     plutostderrlog=/var/log/pluto.log
>>>>>>>
>>>>>>>             conn L2TP-PSK-NAT
>>>>>>>                     rightsubnet=vhost:%priv
>>>>>>>                     also=L2TP-PSK-noNAT
>>>>>>>
>>>>>>>             conn L2TP-PSK-noNAT
>>>>>>>                     authby=rsasig
>>>>>>>                     pfs=no
>>>>>>>                     auto=add
>>>>>>>                     keyingtries=3
>>>>>>>                     rekey=no
>>>>>>>                     ikelifetime=8h
>>>>>>>                     keylife=1h
>>>>>>>                     type=transport
>>>>>>>
>>>>>>>                     left=10.7.255.154
>>>>>>>                     leftsubnet=192.168.7.0/24
>>>>>>>                     leftprotoport=17/1701
>>>>>>>                     leftsendcert=always
>>>>>>>                     leftrsasigkey=%cert
>>>>>>>                     leftcert="gateway.openswan - HCC"
>>>>>>>
>>>>>>>                     right=%any
>>>>>>>                     rightprotoport=17/%any
>>>>>>>                     rightrsasigkey=%cert
>>>>>>>
>>>>>>>
>>>>>>>             On Wed, Nov 26, 2014 at 5:15 PM, Michael Leung
>>>>>>>             <gbcbooksmj at gmail.com> wrote:
>>>>>>>
>>>>>>>                 Hi Group
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>                 The following is my ipsec.d/ipsec.secrets content
>>>>>>>                 #------------------------------------------------------------
>>>>>>>                 : RSA "gateway.openswan.com - HCA"
>>>>>>>                 : RSA vpngateway.key "123123123ly"
>>>>>>>                 #--------------------------------------------------------------
>>>>>>>
>>>>>>>                 After starting ipsec setup start
>>>>>>>
>>>>>>>                 we got this debug info
>>>>>>>                 -----------------------------------
>>>>>>>                 could not open host cert with nick name 'vpngateway.key' in NSS DB
>>>>>>>                 "/etc/ipsec.d/ipsec.secrets" line 2: NSS certficate not found
>>>>>>>                 -----------------------------------
>>>>>>>
>>>>>>>                 I notice that my OS is CentOS 6.5; I installed
>>>>>>>                 Openswan from the yum repository, which means
>>>>>>>                 Openswan has use_nss=true turned on, so I can
>>>>>>>                 understand why we still have the "NSS certificate not
>>>>>>>                 found" output
>>>>>>>
>>>>>>>                 but what I am wondering about is
>>>>>>>
>>>>>>>                 we also have this debug output
>>>>>>>
>>>>>>>                 ----------------------------------------
>>>>>>>                 packet from 10.7.60.65:500: received Vendor ID payload [RFC 3947] method set to=109
>>>>>>>                 packet from 10.7.60.65:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
>>>>>>>                 packet from 10.7.60.65:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
>>>>>>>                 packet from 10.7.60.65:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>>>>>>>                 packet from 10.7.60.65:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
>>>>>>>                 packet from 10.7.60.65:500: received Vendor ID payload [Dead Peer Detection]
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: responding to Main Mode from unknown peer 10.7.60.65
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: STATE_MAIN_R1: sent MR1, expecting MI2
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: STATE_MAIN_R2: sent MR2, expecting MI3
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=CN, ST=Guangd, O=HCA, OU=HCA, CN=nexus.openswan.com, E=supurstart@openswan.com'
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: I am sending my cert
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: password file contains no data
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: password file contains no data
>>>>>>>                 *"L2TP-PSK-NAT"[1] 10.7.60.65 #1: Can't find the private key from the NSS CERT (err -8177)*
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>>>>>>>                 "L2TP-PSK-NAT"[1] 10.7.60.65 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
>>>>>>>
>>>>>>>                 -----------------------------------------------------------------------------
>>>>>>>
>>>>>>>                 It seems Openswan doesn't load the x509 certificate correctly
>>>>>>>
>>>>>>>                 I have converted the x509 certificates to pkcs12
>>>>>>>                 and imported them into the NSS DB.
>>>>>>>
>>>>>>>                 -------------------------------------
>>>>>>>                 [root@opensips log]# certutil -L -d /etc/ipsec.d/
>>>>>>>
>>>>>>>                 Certificate Nickname          Trust Attributes
>>>>>>>                                               SSL,S/MIME,JAR/XPI
>>>>>>>
>>>>>>>                 nexus.openswan.com - HCA      u,u,u
>>>>>>>                 gateway.openswan - HCA        u,u,u
>>>>>>>                 -------------------------------------
>>>>>>>
>>>>>>>                 Please give me some advice.
>>>>>>>
>>>>>>>
>>>>>>>                 --Michael Leung