[Swan] IPSEC secret entries
Madhan Raj
madhanrajrm at gmail.com
Sun Jul 7 16:50:27 UTC 2019
Hi All,
I am getting an below warning
Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA
secrets entries for X.509 certificates are no longer needed
my secrets file entry:-
[root at cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
: RSA "ipsec-db"
I am using libreswan-3.20-3.el7.x86_64 and this is my /etc/ipsec.conf file
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# For Red Hat Enterprise Linux, leave protostack=netkey
protostack=netkey
# plutodebug=crypt control controlmore pfkey dpd
plutodebug=all
klipsdebug=all
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see failed to find any available worker
nhelpers=0
plutorestartoncrash=yes
# NSS DB Storage
ipsecdir=/usr/local/platform/.security/ipsec
nssdir =/usr/local/platform/.security/ipsec
# Pluto core file if it cores...
dumpdir=/var/log/active/core
# For redirecting pluto logs, use plutostderrlog=directory of our
choice
plutostderrlog = /var/log/active/syslog/secure
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
# Place all our user configurations (.conf) files below
#include /etc/ipsec.d/conf/*.conf
include /etc/ipsec.d/conf/ 1207277490 .conf
Do you see any obsolete parameters in this conf file . can you comment the
same .
thanks ,
Madhan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190707/3ec289cf/attachment.html>
More information about the Swan
mailing list