[Swan] Looks like loading preshared keys does in fact need NSS
Paul Wouters
paul at nohats.ca
Fri Jun 28 07:40:25 EEST 2013
On Fri, 28 Jun 2013, Greg Scott wrote:
> Here is my next challenge. I am upgrading a couple of older systems. This is a pretty simple one with only 2 sites. I
> copied my preshared keys from the old to the new systems, tried to start up ipsec and this is what my /var/log/secure
> shows. So does this mean I have to build fresh keys to feed them into a new NSS database?
> Jun 27 23:05:37 localhost pluto[16056]: "/etc/ipsec.d/hostkey.secrets" line 14: CKAIDNSS keyword not found where expected in
> RSA key
If you only use PSK, then remove all but the PSK lines from the secrets
file.
Paul
More information about the Swan
mailing list