[Swan] private key for cert Thor not found in local cache; loading from NSS DB
rayv33n
rayv33n at gmail.com
Mon Oct 8 22:21:45 UTC 2018
I'll give it a look. I just got my cellular device which approximates the
actually scenario we will have so this should be a bit easier.
On Mon, Oct 8, 2018 at 3:17 PM Paul Wouters <paul at nohats.ca> wrote:
> On Sun, 7 Oct 2018, rayv33n wrote:
>
> >
> > Yes, sir. That actually helps me understand and confirm a few things. My
> lab setup has two hosts. Each host is in a different network routed through
> a firewall with no
> > NAT. They work perfectly creating SA and having no problems. But when
> ipsechost01 tries to talk to the AWS instances check out ipsechost01 to
> Thor(AWS). Which is AWS NAT
> > with ipsechost behind a firewall, also NAT.
> >
> > Feel free to give me example configs or anything else you want me to try
> this is all lab stuff and I have time so I can be your lab monkey.
>
> We do have various test cases covering all these IPv4 scenarios, see
> test results at:
>
>
> http://testing.libreswan.org/results/testing/v3.26-79-g41cda6b-master/
>
> and the list of test cases and their configs:
>
> https://github.com/libreswan/libreswan/tree/master/testing/pluto
>
> The newoe-* testcases do a bunch of anonymous OE tests
> the certoe-* test cases do opportunistic encryption using certificates
>
> For example, certoe-06-nat-packet-cop seems to be the test case that
> covers connecting from behind NAT to a server. I don't think we have
> a testcase for a server behind a portforward like AWS. I'll see about
> adding that in the near future.
>
> Paul
>
--
You are FREE to become a slave
Key ID: 9A452ABAA4593489
Finger Print: 7A8A 5849 ED44 52B1 0D8A EDAC 9A45 2ABA A459 3489
*Pub Key: *
http://pgp.mit.edu:11371/pks/lookup?search=rayv33n%40gmail.com&op=index
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20181008/2cdcb828/attachment.html>
More information about the Swan
mailing list