[Swan] IPSEC secret entries

Paul Wouters paul at nohats.ca
Sun Jul 7 18:18:01 UTC 2019

On Sun, 7 Jul 2019, Madhan Raj wrote:

> I am getting the below warning
> Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
> 003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA secrets entries for X.509 certificates are no longer needed
> my secrets file entry:- 
> [root@cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
> : RSA "ipsec-db"

You can remove this line from /etc/ipsec.d/secrets/1207277490.secrets.
For certificates, libreswan finds the secret key inside the NSS database, without needing
this : RSA "certname" entry.

I am surprised this has somehow become an INTERNAL ERROR. It is supposed
to be only a warning.