[Openswan Users] Trying to get openswan and libreswan to interoperate
jchludzinski
jchludzinski at vivaldi.net
Thu Apr 4 18:46:03 EDT 2019
After a little research it appears that I lack support for NSS with the
openswan package I installed from the Raspbian repo.
So I went to github, cloned the openswan project and built and installed
it. Again no support for NSS.
Next I:
$ set -x USE_LIBNSS true
(I use the fish shell, like all sane people).
Then:
$ make programs
$ sudo make install
Now the '--configdir' is there.
On 2019-04-04 16:17, jchludzinski wrote:
> 1st, let me say up front: I'm an IPSec newbie.
>
> I'm trying to get openswan and libreswan to interoperate because I'm
> dealing with a situation where on one side I'm using Raspbian and on
> the other side I'm using CentOS 7.4.
>
> The Raspbian repo only contains openswan. I tried building libreswan
> from github but I had to retreat to an older version to get it to
> build. I built and installed an older version but it had "issues"
> running.
>
> So on Raspbian I'm using openswan.
>
> I tried using the secrets file generated with libreswan but it assumes
> all private info associated with a key is "stored in the NSS
> database".
>
> When I try:
>
> # ipsec newhostkey --output /etc/ipsec.secrets.new --configdir /tmp
>
> I get: /usr/lib/ipsec/rsasigkey: unrecognized option '--configdir'
>
> Why is this an "unrecognized option" ? According to "ipsec newhostkey
> --help", it's a perfectly valid option.
>
> A broader question: Are there issues with getting openswan to store
> secret/private info in the key in an NSS database? ... to parallel the
> way it functions by default in libreswan.
--
NULL