[Swan] [Openswan Users] Openswan connecting to Libreswan

Paul Wouters paul at nohats.ca
Fri Nov 29 16:43:13 EET 2013


On Fri, 29 Nov 2013, Martin Erasmus wrote:

> I am now trying to add a new FC 18 system, this version of openswan does not 
> run on fc 18 as it comes up with unable to determine address for ...,

Fedora has obsoleted openswan and replaced it with libreswan. If you run
a yum update it should update your old openswan to the latest libreswan.

> So I 
> have had to install Linux Libreswan 3.5 (netkey) on 3.10.13-101.fc18.x86_64 
> on the new system. I have changed the ipsec.conf file. I am now getting the 
> error "no RSA public key known for "serverip"

Your private key in /etc/ipsec.secrets (or via include files) is not
being used. It has to be generated from within the secure NSS store.

> authby=secret|rsasig
> leftrsasigkey=0sAQNpNCFEGH
> rightrsasigkey=0sAQNueZGtVe

Run this:

ipsec stop (if already running)
rm /etc/ipsec.d/*db   (if running libreswan < 3.6-2 and it has been started once)
ipsec initnss         (if running libreswan < 3.6-2 and it has been started once)
ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --configdir /etc/ipsec.d

Then run "ipsec showhostkey --left" to get your new public raw RSA key.

Also change authby to be just: authby=rsasigkey

Paul
-- 
Libreswan Developer - https://libreswan.org/
Red Hat Security - http://people.redhat.com/pwouters/
Personal Blog - https://nohats.ca/
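
Added example (not part of the message above and not libreswan code): a Python check that decodes the leftrsasigkey/rightrsasigkey values of a conn section, so the key pasted into ipsec.conf from "ipsec showhostkey --left" can be confirmed to be complete. It assumes the 0s (base64) encoding with the RFC 3110 exponent/modulus layout; the function names, the 2048-bit threshold and the sample conn are made up for this example. It inspects only the public key lines, not the private key held in the NSS store.

```python
import base64
import re

def decode_rsasigkey(value):
    """Decode a '0s' (base64) raw RSA public key into (exponent, modulus), RFC 3110 layout."""
    if not value.startswith("0s"):
        raise ValueError("only the 0s (base64) encoding is handled here")
    b64 = value[2:]
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))  # re-pad if '=' was dropped
    if len(raw) < 3:
        raise ValueError("too short to hold an exponent and a modulus")
    # First octet is the exponent length; 0 means a two-octet length follows.
    if raw[0] != 0:
        elen, off = raw[0], 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("no modulus after the exponent")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return exponent, modulus

def check_conn(conf_text, min_bits=2048):  # min_bits: assumed threshold
    """Return {'left'|'right': status} for each *rsasigkey line in conf_text."""
    results = {}
    pattern = r"^\s*(left|right)rsasigkey\s*=\s*(\S+)"
    for side, value in re.findall(pattern, conf_text, re.M):
        try:
            exponent, modulus = decode_rsasigkey(value)
        except ValueError as exc:  # binascii.Error is a ValueError too
            results[side] = f"invalid: {exc}"
            continue
        bits = modulus.bit_length()
        if bits < min_bits:
            results[side] = f"incomplete or weak: e={exponent}, {bits}-bit modulus"
        else:
            results[side] = f"ok: e={exponent}, {bits}-bit modulus"
    return results

def make_key(exponent, modulus_bytes):
    """Build a constructed test key in the same encoding (exponents < 256 only)."""
    return "0s" + base64.b64encode(bytes([1, exponent]) + modulus_bytes).decode()

# Constructed sample: left is the short value printed in the quoted config,
# right is a dummy 2048-bit modulus (not a real key) built for this example.
SAMPLE_CONF = (
    "conn example\n"
    "    leftrsasigkey=0sAQNpNCFEGH\n"
    f"    rightrsasigkey={make_key(3, bytes([0xC5]) * 256)}\n"
)

if __name__ == "__main__":
    for side, status in check_conn(SAMPLE_CONF).items():
        print(f"{side}rsasigkey: {status}")
```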

