[Swan] IPSEC secret entries

Madhan Raj madhanrajrm at gmail.com
Sun Jul 7 16:50:27 UTC 2019


Hi All,


I am getting the below warning:

Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA
secrets entries for X.509 certificates are no longer needed

My secrets file entry:
[root@cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
: RSA "ipsec-db"


I am using libreswan-3.20-3.el7.x86_64 and this is my /etc/ipsec.conf file:
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # For Red Hat Enterprise Linux, leave protostack=netkey
        protostack=netkey
        # plutodebug=crypt control controlmore pfkey dpd
        plutodebug=all
        klipsdebug=all
        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see failed to find any available worker
        nhelpers=0
        plutorestartoncrash=yes
        # NSS DB Storage
        ipsecdir=/usr/local/platform/.security/ipsec
        nssdir =/usr/local/platform/.security/ipsec
        # Pluto core file if it cores...
        dumpdir=/var/log/active/core
        # For redirecting pluto logs, use plutostderrlog=directory of our choice
        plutostderrlog = /var/log/active/syslog/secure

conn block

        auto=ignore

conn private
        auto=ignore

conn private-or-clear

        auto=ignore

conn clear-or-private

        auto=ignore

conn clear

        auto=ignore

conn packetdefault

        auto=ignore

# Place all our user configurations (.conf) files below
#include /etc/ipsec.d/conf/*.conf
include /etc/ipsec.d/conf/ 1207277490 .conf

Do you see any obsolete parameters in this conf file? Can you comment on
the same?

Thanks,
Madhan