<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Paul, <br>
</p>
Thank you for your response. <br>
I did: <br>
#openssl pkcs12 -export -inkey key.pkey -in key.cer -out key.p12<br>
#ipsec import key.p12<br>
#service ipsec restart
<p>it'sound good but when I capture the traffic with wireshark, i didn't see encrypted traffic to a server who has racoon and ipsec tools.
<br>
</p>
<p>I would like to have encrypted ESP traffic. <br>
</p>
<p>Thank you for your help. <br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 11/13/19 3:17 PM, Paul Wouters wrote:<br>
</div>
<blockquote type="cite" cite="mid:92001941-A57B-4213-989E-D6991FC65F7A@nohats.ca">
[EXTERNAL]-Real sender is: <a class="moz-txt-link-abbreviated" href="mailto:paul@nohats.ca">
paul@nohats.ca</a><br>
<hr>
<br>
<div dir="ltr"><br>
On Nov 13, 2019, at 08:50, MARSON Ismenia <<a href="mailto:ismenia.marson-ext@sagemcom.com" moz-do-not-send="true">ismenia.marson-ext@sagemcom.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr"><span>Hello swan community,</span><br>
<span></span><br>
<span>I hope that you could help me or if you can give me some advice.</span><br>
<span>I used ubuntu 16 and i used ipsec-tools and racoon. I create racoon </span>
<br>
<span>certs in /etc/racoon/certs. I have two certs, a .cer and a .pkey files.</span><br>
<span>Now, i want to use debian 10 and i see that ipsec-tools and racoon are </span>
<br>
<span>not supported on this new OS.</span><br>
<span>I installed libreswan, and i want to keep using my old racoon certificates.</span><br>
</div>
</blockquote>
<div><br>
</div>
<div><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__libreswan.org_wiki_HOWTO-3A-5FUsing-5FNSS-5Fwith-5Flibreswan-23Importing-5Fthird-2Dparty-5Ffiles-5Finto-5FNSS&d=DwMFaQ&c=3H3w9x2bmP2ldeACwfvarQ&r=0BVB9TyGPZePigFrF4jmZM_n8wfytXi94C0DPCz9ltY&m=IFjVaa4sYz7D3bhwUFHEDZ3LT7zGJ5hqERDPjNc2MmM&s=iiw1IIB36cyzM3KX_qGG6T5epWIfwpV9JgB7YvUgAHM&e=" moz-do-not-send="true">https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan#Importing_third-party_files_into_NSS</a></div>
<div><br>
</div>
<div>Create a pkcs#12 file from the cert/cacert and key, and run: ipsec import file.p12</div>
<div><br>
</div>
<div>Paul</div>
<blockquote type="cite">
<div dir="ltr"><span></span></div>
</blockquote>
</blockquote>
<HR>Ce courriel et les documents qui lui sont joints sont, sauf mention contraire, présumés de nature confidentielle et destinées à l'usage exclusif du ou des destinataire(s) mentionné(s). Si vous n'êtes pas le ou les destinataire(s), vous êtes informé(e) que toute divulgation, reproduction, distribution, toute autre diffusion ou utilisation de cette communication ou de tout ou partie de ces informations est strictement interdite, sauf accord préalable de l’expéditeur. Si ce message vous a été transmis par erreur, merci d’immédiatement en informer l'expéditeur et supprimer de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés. En vous remerciant de votre coopération.<BR>
<BR>
This email and any attached documents are, unless otherwise stated, presumed to be confidential and intended for the exclusive use of the recipient(s) mentioned. If you are not the recipient(s), you are informed that any disclosure, reproduction, distribution, any other dissemination or use of this communication or all or part of this information is strictly prohibited, unless agreed beforehand by the sender. If you have received this e-mail in error, please immediately advise the sender and delete this e-mail and all the attached documents from your computer system. Thanking you for your cooperation.<BR>
</body>
</html>