[Swan] net-to-net for road warriors

Derek Cameron dcamero2016 at gmail.com
Thu Jan 24 16:17:24 UTC 2019

I did some experiments with Fedora 28. The instructions in the RHEL 7
Security Guide, section 4.6.3, "Creating Host-To-Host VPN Using
Libreswan," suggest you can just use:

ipsec newhostkey

I tried this, but it did not work. I got the problem that it cannot
find its own key. Instead I had to use the form given in the "Host to
host VPN" configuration example on the website, i.e.:

ipsec newhostkey --output /etc/ipsec.secrets

That created the correct entry to /etc/ipsec.secrets. Once I had
started ipsec on both ends, I was able to check that the tunnel was up

ipsec auto --start mytunnel


ipsec whack --trafficstatus

On Thu, Jan 24, 2019 at 6:34 AM Alex <mysqlstudent at gmail.com> wrote:
> > > At some point I thought it was working. Is there a known problem with
> > > using RSA keys? Any idea why it can't find its own private key?

More information about the Swan mailing list