[Swan] Are libreswan and openswan interoperable ?

Paul Wouters paul at nohats.ca
Fri Apr 5 08:05:08 UTC 2019

On Thu, 4 Apr 2019, jchludzinski wrote:

> I’m running openswan with a secrets file generated by libreswan. It’s 
> complaining about “PrivateExponent keyword not found where expected in RSA 
> key”.
> Well, there is no “PrivateExponent keyword” in a secrets file generated by 
> libreswan.

libreswan uses the NSS database for its keys, and not the secrets file.
Openswan did use NSS in RHEL as well, but perhaps you have a non-rhel
openswan. In that case, you will have to regenerate new keys on each
end using their own mechanisms, eg ipsec newhostkey --output
/etc/ipsec.secrets and run ipsec showhostkey to see the public keys
to put in the configurations.


More information about the Swan mailing list