[Swan] CentOS 5 Migrate to Libreswan 3.0-1 from Openswan - include statement not working
Nels Lindquist
nlindq at maei.ca
Wed Oct 28 14:33:59 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi, Tom.
On 10/26/2015 6:54 PM, Tom Robinson wrote:
> I'm migrating an older CentOS 5 installation from
> Openswan-2.6.32-9 to Libreswan-3.0-1.
>
> I have a couple of issues:
>
> 1) I downloaded the libreswan rpm
> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it
> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm
> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature:
> BAD, key ID b30fc6f9
>
> I've installed the
> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but
> it still reports a bad key. Now I've installed it with the
> --nosignature option.
I've also had issues with signatures in the LibreSWAN repository; not
quite sure what's going on there.
> 2) With my openswan configurations I used an include statement in
> the main /etc/ipsec.conf file to include configurations in the
> /etc/ipsec.d directory.
>
> # grep include /etc/ipsec.conf include /etc/ipsec.d/*.conf
>
> But this appears to be broken on my setup with libreswan.
> Libreswan would load only one of three configurations. The others
> wouldn't load. Libreswan kept reporting such things as:
>
> # ipsec auto --add seattle conn 'seattle': not found (tried
> aliases)
Is there a particular reason you installed 3.0 rather than the 3.9
package which is available from the same location? I'd try a later
version, personally.
I managed to build 3.10 on CentOS 5 by tweaking the spec file from 3.9
and snagging the 3.10 source; I have a number of included .conf files
working with no issues, so my speculation is that you've got an
early-release bug.
- --
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
iEYEARECAAYFAlYw3M0ACgkQh6z5POoOLgSSaQCcDDnFNDw8tnCyYhSPjSm9Xg8n
NpcAn2dG6wwu4mc/J3gdml5TiB04b/lM
=rco4
-----END PGP SIGNATURE-----
More information about the Swan
mailing list