<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi,<br>
    <br>
    I'm trying to see if I can set up a VPN with Windows Phone 8.1 and
    I've fallen over before even getting as far as the phone. I cannot
    get Libreswan to read the certificate I created. I've used the
    instructions at <a class="moz-txt-link-freetext" href="https://libreswan.org/wiki/Using_NSS_with_libreswan">https://libreswan.org/wiki/Using_NSS_with_libreswan</a>
    and I've done the following:<br>
    <blockquote><tt>rm /etc/ipsec.d/*.db</tt><br>
      <tt>ipsec initnss</tt><br>
      <tt>certutil -S -k rsa -n "HowittsCA" -s "CN=Howitt Family" -v 12
        -t "C,C,C" -x -d /etc/ipsec.d</tt><br>
      <tt>certutil -S -k rsa -c "HowittsCA" -n "alex" -s "CN=Alex
        Howitt" -v 12 -t "u,u,u" -d /etc/ipsec.d</tt><br>
    </blockquote>
    <br>
    certutil -L -d /etc/ipsec.d/ gives:<br>
    <blockquote><tt>Certificate
        Nickname                                         Trust
        Attributes</tt><br>
      <tt>                                                            
        SSL,S/MIME,JAR/XPI</tt><br>
      <br>
      <tt>HowittsCA                                                   
        Cu,Cu,Cu</tt><br>
      <tt>alex                                                        
        u,u,u</tt><br>
    </blockquote>
    <br>
    In ipsec.secrets I have:<br>
    <blockquote><tt>: RSA alex</tt><br>
    </blockquote>
    Running "ipsec secrets" gives:<br>
    <blockquote><tt>002 forgetting secrets</tt><br>
      <tt>002 loading secrets from "/etc/ipsec.secrets"</tt><br>
      <tt>002 loading secrets from "/etc/ipsec.d/ipsec.secrets"</tt><br>
      <tt>002     could not open host cert with nick name 'alex' in NSS
        DB</tt><br>
      <tt>003 "/etc/ipsec.d/ipsec.secrets" line 1: NSS certficate not
        found</tt><br>
      <tt>002 loading secrets from
        "/etc/ipsec.d/ipsec.unmanaged.MumIn.secrets"</tt><br>
      <tt>002 loading secrets from
        "/etc/ipsec.d/ipsec.unmanaged.PaulIn.secrets"</tt><br>
    </blockquote>
    Similarly loading the conn gives:<br>
    <blockquote><tt>ipsec auto --add roadwarriors</tt><br>
      <tt>000 leftcert with the nickname "alex" does not exist in NSS db</tt><br>
    </blockquote>
    Any idea where I've gone wrong?<br>
    <br>
    Once I get past this, Win8 phone uses IKEv2. I do not want to use
    L2TP, so I was going to initially try a config without XAUTH and,
    failing that, with XAUTH. Am I on the right track?<br>
    <br>
    Thanks,<br>
    <br>
    Nick<br>
  </body>
</html>