After straggling with openswan for a week, i thought of getting some help...

I have openswan 2.6.31 installed on two Fedoras 14 (latest) running on the same box under VirtualBox -

i'm trying to establish an ipsec connection between the two Fedoras (in case it's relevant they are running in private host network mode)

i have connectivity between the two Fedroas
i totally removed iptables
i created my own conf file with left and right data including the public keys as generated (each o different fedora) by ipsec showhostkey --left/right

i start ipsec from /etc/init.d/
i add the connection using ipsec auto --add (the connection name is host-to-host)
and then i --up the connection and here is what i get

...
"can't find the private key from the NSS cert (err -12285)

... and after few lines...
"possible authentication failure: no acceptable response to our first encrypted message"

i looked into /var/log/secure and i also see the following...


Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: Signature check (on @MacFedora) failed (wrong key?); tried *AQOmRjUPo
Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: sending encrypted notification INVALID_KEY_INFORMATION to 192.168.56.102:500

HisFedora and MacFedora are the two Fedoras i have

any thoughts?

Amir

ok, found the following...
not sure why but once I created the NSS cert/key database with an empty password, everything started to work as expected and the tunnel was established
when i used a non empty password, i saw in the log files that pluto was searching for nsspassword file and didn't find it (not sure how to create this file)

Anyone has a tip of how to make things work with a non empty password?

Amir