[Openswan Users] Trying to get openswan and libreswan to interoperate
jchludzinski
jchludzinski at vivaldi.net
Thu Apr 4 16:17:45 EDT 2019
1st, let me say up front: I'm an IPSec newbie.
I'm trying to get openswan and libreswan to interoperate because I'm
dealing with a situation where on one side I'm using Raspbian and on the
other side I'm using CentOS 7.4.
The Raspbian repo only contains openswan. I tried building libreswan
from github but I had to retreat to an older version to get it to build.
I built and installed an older version but it had "issues" running.
So on Raspbian I'm using openswan.
I tried using the secrets file generated with libreswan but it assumes
all private info associated with a key is "stored in the NSS database".
When I try:
# ipsec newhostkey --output /etc/ipsec.secrets.new --configdir /tmp
I get: /usr/lib/ipsec/rsasigkey: unrecognized option '--configdir'
Why is this an "unrecognized option"? According to "ipsec newhostkey
--help", it's a perfectly valid option.
A broader question: Are there issues with getting openswan to store
secret/private info in the key in an NSS database? ... to parallel the
way it functions by default in libreswan.