<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
I'm trying to see if I can set up a VPN with Windows Phone 8.1 and
I've fallen over before even getting as far as the phone. I cannot
get Libreswan to read the certificate I created. I've used the
instructions at <a class="moz-txt-link-freetext" href="https://libreswan.org/wiki/Using_NSS_with_libreswan">https://libreswan.org/wiki/Using_NSS_with_libreswan</a>
and I've done the following:<br>
<blockquote><tt>rm /etc/ipsec.d/*.db</tt><br>
<tt>ipsec initnss</tt><br>
<tt>certutil -S -k rsa -n "HowittsCA" -s "CN=Howitt Family" -v 12
-t "C,C,C" -x -d /etc/ipsec.d</tt><br>
<tt>certutil -S -k rsa -c "HowittsCA" -n "alex" -s "CN=Alex
Howitt" -v 12 -t "u,u,u" -d /etc/ipsec.d</tt><br>
</blockquote>
<br>
certutil -L -d /etc/ipsec.d/ gives:<br>
<blockquote><tt>Certificate
Nickname Trust
Attributes</tt><br>
<tt>
SSL,S/MIME,JAR/XPI</tt><br>
<br>
<tt>HowittsCA
Cu,Cu,Cu</tt><br>
<tt>alex
u,u,u</tt><br>
</blockquote>
<br>
In ipsec.secrets I have:<br>
<blockquote>: RSA alex<br>
</blockquote>
Running "ipsec secrets" gives:<br>
<blockquote><tt>002 forgetting secrets</tt><br>
<tt>002 loading secrets from "/etc/ipsec.secrets"</tt><br>
<tt>002 loading secrets from "/etc/ipsec.d/ipsec.secrets"</tt><br>
<tt>002 could not open host cert with nick name 'alex' in NSS
DB</tt><br>
<tt>003 "/etc/ipsec.d/ipsec.secrets" line 1: NSS certficate not
found</tt><br>
<tt>002 loading secrets from
"/etc/ipsec.d/ipsec.unmanaged.MumIn.secrets"</tt><br>
<tt>002 loading secrets from
"/etc/ipsec.d/ipsec.unmanaged.PaulIn.secrets"</tt><br>
</blockquote>
Similarly loading the conn gives:<br>
<blockquote><tt>ipsec auto --add roadwarriors</tt><br>
<tt>000 leftcert with the nickname "alex" does not exist in NSS db</tt><br>
</blockquote>
Any idea where I've gone wrong?<br>
<br>
Once I get past this Win8 phone uses IKEv2. I do not want to use
l2tp so I was going to initially try a config without XAUTH and
failing that, with XAUTH. Am I on the right track?<br>
<br>
Thanks,<br>
<br>
Nick<br>
</body>
</html>