[ale] openswan is unusable
David A. De Graaf
dad at datix.us
Sat Oct 30 15:18:46 EDT 2010
On Sat, Oct 30, 2010 at 01:27:12PM -0400, Jim Kinney wrote:
> Dig on redhat docs for ipsec or vpn
> Nss is the "netscape secure sockets" that is viewed by many as more robust than
> ssl. Many keys are automagically stored and accessed in /etc/pki
>
> On Oct 30, 2010 1:20 PM, "David A. De Graaf" <dad at datix.us> wrote:
> > I've posted this query on the fedora-list mailing list, but I think
> > the security experts at ALE might know the answers and be more
> > helpful.
> >
> >
> > Has anyone managed to configure an openswan tunnel under Fedora 13?
> > The instructions in /usr/share/doc/openswan-doc-2.6.29 may have been
> > correct once upon a time, but are simply wrong now.

NEVERMIND... :-)

Thanks, Jim, but further depths of googling led me to discover
<doc>/README.nss where I found a hint.

The whole NSS password mess can be bypassed by NOT supplying a password
when creating the NSS db, e.g.

    certutil -N -d /etc/ipsec.d

(just hit enter when prompted for a password)

Then create the RSA key without mentioning the --password option:

    ipsec newhostkey --configdir /etc/ipsec.d \
        --output /etc/ipsec.d/ipsec.secrets

and continue normally to create the net2net.conf file containing the
left and right rsasigkey's.

My tunnel now connects properly. Eureka.

--
David A. De Graaf DATIX, Inc. Hendersonville, NC
dad at datix.us www.datix.us
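
An added example, not part of the original post: with an empty NSS password as described above, the host key in /etc/ipsec.d is protected only by file permissions, so this shell function flags key-bearing files that group or others can access. The function names and the list of NSS file names (legacy dbm and sql formats) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an NSS database directory whose db has no password.
# File names checked (assumed list): legacy dbm format (key3.db cert8.db
# secmod.db), sql format (key4.db cert9.db pkcs11.txt), plus ipsec.secrets,
# the --output file named in the post.
NSS_FILES="key3.db cert8.db secmod.db key4.db cert9.db pkcs11.txt ipsec.secrets"

# Print the path if any group/other permission bit is set on it.
has_group_or_other_bits() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_nss_dir DIR
# Prints one "LOOSE <path>" line per listed file that group or others can
# read, write or execute.
# Returns 0 if clean, 1 on any finding, 2 if DIR holds no NSS key database.
audit_nss_dir() {
    dir=$1
    findings=0
    if [ ! -e "$dir/key3.db" ] && [ ! -e "$dir/key4.db" ]; then
        echo "NO-DB $dir"
        return 2
    fi
    for name in $NSS_FILES; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        if [ -n "$(has_group_or_other_bits "$f")" ]; then
            echo "LOOSE $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Call it as `audit_nss_dir /etc/ipsec.d` after creating the database and key; any LOOSE line can be tightened with `chmod 600` on that file.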