[Swan] IPSEC secret entries

Madhan Raj madhanrajrm at gmail.com
Sun Jul 7 18:36:00 UTC 2019


Thanks Paul.

It just throws that INTERNAL ERROR output when I just run "ipsec verify";
other than that, ipsec functionality works fine.

Do you see any other obsolete config in ipsec.conf, which I attached to
this email thread earlier?

~Madhan

On Sun, Jul 7, 2019 at 11:48 PM Paul Wouters <paul at nohats.ca> wrote:

> On Sun, 7 Jul 2019, Madhan Raj wrote:
>
> > I am getting the below warning
> >
> > Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
> > 003 "/etc/ipsec.d/secrets/ 1207277490.secrets" line 1: WARNING: The :RSA secrets entries for X.509 certificates are no longer needed
> >
> > my secrets file entry:-
> > [root at cucm-117 ~]# cat /etc/ipsec.d/secrets/1207277490.secrets
> > : RSA "ipsec-db"
>
> You can remove this line from /etc/ipsec.d/secrets/1207277490.secrets
> For certificates, libreswan finds the secret key inside the NSS database,
> without needing this : RSA "certname" entry.
>
> I am surprised this has somehow become an INTERNAL ERROR. It is supposed
> to be only a warning.
>
> Paul
>
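
Added example, not part of the original thread and not libreswan code: a small shell function that lists every `: RSA "certname"` entry of the kind discussed above, so they can be reviewed before removal. The function name and the sample files are constructed for illustration; PSK lines, `: RSA {` blocks and comments are deliberately not reported.

```shell
#!/bin/sh
# Added example: locate ': RSA "nickname"' entries in libreswan secrets files.

# Print "file:line:nickname" for each such entry in the *.secrets files under $1.
# (find_obsolete_rsa_entries is a hypothetical helper name, not a libreswan tool.)
find_obsolete_rsa_entries() {
    dir=$1
    for f in "$dir"/*.secrets; do
        [ -f "$f" ] || continue            # glob matched nothing
        awk -v file="$f" '
            /^[ \t]*#/ { next }            # skip comment lines
            /:[ \t]*RSA[ \t]+"[^"]+"/ {    # ": RSA" followed by a quoted nickname
                nick = $0
                sub(/^.*:[ \t]*RSA[ \t]+"/, "", nick)   # drop everything up to the opening quote
                sub(/".*$/, "", nick)                   # drop the closing quote and the rest
                printf "%s:%d:%s\n", file, NR, nick
            }' "$f"
    done
}

# Constructed sample input mirroring the entry quoted in the thread.
demo_dir=$(mktemp -d)
printf ': RSA "ipsec-db"\n' > "$demo_dir/1207277490.secrets"
printf '# : RSA "commented-out"\n192.0.2.1 192.0.2.2 : PSK "constructed-sample"\n' \
    > "$demo_dir/other.secrets"

find_obsolete_rsa_entries "$demo_dir"
rm -rf "$demo_dir"
```

On a real host the argument would be the secrets directory from the thread, `/etc/ipsec.d/secrets`.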