[Swan] Are libreswan and openswan interoperable ?
paul at nohats.ca
Fri Apr 5 08:05:08 UTC 2019
On Thu, 4 Apr 2019, jchludzinski wrote:
> I’m running openswan with a secrets file generated by libreswan. It’s
> complaining about “PrivateExponent keyword not found where expected in RSA
> Well, there is no “PrivateExponent keyword” in a secrets file generated by
libreswan uses the NSS database for its keys, and not the secrets file.
Openswan did use NSS in RHEL as well, but perhaps you have a non-rhel
openswan. In that case, you will have to regenerate new keys on each
end using their own mechanisms, eg ipsec newhostkey --output
/etc/ipsec.secrets and run ipsec showhostkey to see the public keys
to put in the configurations.
More information about the Swan