[Swan] private key for cert Thor not found in local cache; loading from NSS DB

Paul Wouters paul at nohats.ca
Mon Oct 8 22:17:17 UTC 2018


On Sun, 7 Oct 2018, rayv33n wrote:

> 
> Yes, sir. That actually helps me understand and confirm a few things. My lab setup has two hosts. Each host is in a different network routed through a firewall with no
> NAT. They work perfectly creating SA and having no problems. But when ipsechost01 tries to talk to the AWS instances check out ipsechost01 to Thor(AWS). Which is AWS NAT
> with ipsechost behind a firewall, also NAT.
> 
> Feel free to give me example configs or anything else you want me to try; this is all lab stuff and I have time, so I can be your lab monkey.

We do have various test cases covering all these IPv4 scenarios, see
test results at:

http://testing.libreswan.org/results/testing/v3.26-79-g41cda6b-master/

and the list of test cases and their configs:

https://github.com/libreswan/libreswan/tree/master/testing/pluto

The newoe-* test cases do a bunch of anonymous OE tests.
The certoe-* test cases do opportunistic encryption using certificates.

For example, certoe-06-nat-packet-cop seems to be the test case that
covers connecting from behind NAT to a server. I don't think we have
a test case for a server behind a port forward like AWS. I'll see about
adding that in the near future.

Paul

