[Swan] IPSEC secret entries
paul at nohats.ca
Sun Jul 7 18:18:01 UTC 2019
On Sun, 7 Jul 2019, Madhan Raj wrote:
> I am getting an below warning
> Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
> 003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA secrets entries for X.509 certificates are no longer needed
> my secrets file entry:-
> [root at cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
> : RSA "ipsec-db"
You can remove this line from /etc/ipsec.d/secrets/1207277490.secrets
For certificates, libreswan finds the secret key inside the NSS database, without needing
this : RSA "certname" entry.
I am surprised this has somehow became an INTERNAL ERROR. It is supposed
to be only a warning.
More information about the Swan