[Swan] CentOS 5 Migrate to Libreswan 3.0-1 from Openswan - include statement not working

Nels Lindquist nlindq at maei.ca
Wed Oct 28 14:33:59 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Tom.

On 10/26/2015 6:54 PM, Tom Robinson wrote:

> I'm migrating an older CentOS 5 installation from
> Openswan-2.6.32-9 to Libreswan-3.0-1.
> 
> I have a couple of issues:
> 
> 1) I downloaded the libreswan rpm 
> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it 
> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm
> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature:
> BAD, key ID b30fc6f9
> 
> I've installed the 
> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but 
> it still reports a bad key. Now I've installed it with the 
> --nosignature option.

I've also had issues with signatures in the LibreSWAN repository; not
quite sure what's going on there.

> 2) With my openswan configurations I used an include statement in 
> the main /etc/ipsec.conf file to include configurations in the 
> /etc/ipsec.d directory.
> 
> # grep include /etc/ipsec.conf include /etc/ipsec.d/*.conf
> 
> But this appears to be broken on my setup with libreswan.
> Libreswan would load only one of three configurations. The others
> wouldn't load. Libreswan kept reporting such things as:
> 
> # ipsec auto --add seattle conn 'seattle': not found (tried 
> aliases)

Is there a particular reason you installed 3.0 rather than the 3.9
package which is available from the same location?  I'd try a later
version, personally.

I managed to build 3.10 on CentOS 5 by tweaking the spec file from 3.9
and snagging the 3.10 source; I have a number of included .conf files
working with no issues, so my speculation is that you've got an
early-release bug.

- -- 
Nels Lindquist
<nlindq at maei.ca>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)

iEYEARECAAYFAlYw3M0ACgkQh6z5POoOLgSSaQCcDDnFNDw8tnCyYhSPjSm9Xg8n
NpcAn2dG6wwu4mc/J3gdml5TiB04b/lM
=rco4
-----END PGP SIGNATURE-----


More information about the Swan mailing list