[Swan] IPSEC secret entries
madhanrajrm at gmail.com
Sun Jul 7 18:36:00 UTC 2019
It just throws that INTERNAL ERROR output when i just run "ipsec verify "
other than that ipsec functionality works fine.
Do you see any other obsolete config on ipsec.conf which i have attached to
this email thread earlier ?.
On Sun, Jul 7, 2019 at 11:48 PM Paul Wouters <paul at nohats.ca> wrote:
> On Sun, 7 Jul 2019, Madhan Raj wrote:
> > I am getting an below warning
> > Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
> > 003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA
> secrets entries for X.509 certificates are no longer needed
> > my secrets file entry:-
> > [root at cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
> > : RSA "ipsec-db"
> You can remove this line from /etc/ipsec.d/secrets/1207277490.secrets
> For certificates, libreswan finds the secret key inside the NSS database,
> without needing
> this : RSA "certname" entry.
> I am surprised this has somehow became an INTERNAL ERROR. It is supposed
> to be only a warning.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan