LinuxQuestions.org
Old 03-16-2011, 04:45 AM   #1
amirn
OpenSwan question


Could someone help me understand where openswan's pluto gets its private keys from...

Here is what I did.
I ran the following command:
ipsec newhostkey --output /etc/ipsec.secrets --random /dev/random --configdir /etc/ipsec.d/ --password abcdef1 --bits 2048

As far as I understand, it generates the private key into /etc/ipsec.secrets, but then I don't know why I need to pass the location of the NSS database and its password as arguments. Can anyone explain this?

When I do certutil -K -d /etc/ipsec.d/ I do see a new entry in the list (I'm hoping it's relevant).

So when I start ipsec with /etc/init.d/ipsec restart and add my connections, does pluto take the key from ipsec.secrets or from the NSS key database?

Is there any kind of association between the NSS database and ipsec.secrets?
 
Old 03-20-2011, 09:25 AM   #2
amirn
OK, I found the following:

Each key in the ipsec.secrets file has a reference to the NSS key database (you can see the reference if you look in the file and compare it to the ID you see when you do certutil -K).
What I couldn't figure out yet is how to make pluto work in cases where I don't set an empty password to encrypt the NSS database. Does anyone have a clue?


Amir
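
The comparison described in post #2, as an added example that is not part of the original thread: it checks whether every key ID referenced in ipsec.secrets also appears in saved `certutil -K` output. The function names, the assumed file formats (key ID stored as 0x-prefixed hex in the PrivateExponent field, one `< N> rsa <hex id>` line per key) and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed formats (not shown in the thread): private-key fields
# in ipsec.secrets hold the NSS key ID as 0x-prefixed hex, and `certutil -K`
# prints one "< N> rsa <hex id> <nickname>" line per key.
# Key IDs referenced by a secrets file, lowercase hex, one per line.
secrets_key_ids() {
    sed -n 's/^[[:space:]]*PrivateExponent:[[:space:]]*0[xX]\([0-9A-Fa-f]*\).*$/\1/p' "$1" |
        tr 'A-F' 'a-f' | sort -u
}

# Key IDs listed in saved `certutil -K -d <dir>` output.
nss_key_ids() {
    sed -n 's/^[[:space:]]*<[[:space:]]*[0-9]*>[[:space:]]*[a-z]*[[:space:]]*\([0-9A-Fa-f]\{8,\}\).*$/\1/p' "$1" |
        tr 'A-F' 'a-f' | sort -u
}

# Report each referenced ID as OK or MISSING; returns 1 if any is missing.
check_association() {
    missing=0
    for id in $(secrets_key_ids "$1"); do
        if nss_key_ids "$2" | grep -qx "$id"; then
            echo "OK $id"
        else
            echo "MISSING $id"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample data (not real keys): one ID matches, one does not.
write_samples() {
    cat > "$1/ipsec.secrets" <<'EOF'
: RSA {
    PrivateExponent: 0x8B1C3F0E5D7A9B2C4E6F8A0B1C2D3E4F5A6B7C8D
    Prime1: 0x8B1C3F0E5D7A9B2C4E6F8A0B1C2D3E4F5A6B7C8D
    }
: RSA {
    PrivateExponent: 0x11aa22bb33cc44dd55ee66ff77889900aabbccdd
    }
EOF
    cat > "$1/certutil-K.txt" <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      8b1c3f0e5d7a9b2c4e6f8a0b1c2d3e4f5a6b7c8d   (orphan)
< 1> rsa      c0a80001d4e5f60718293a4b5c6d7e8f90a1b2c3   (orphan)
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
check_association "$demo/ipsec.secrets" "$demo/certutil-K.txt" || echo "some keys are not in the NSS database"
```

On a real host, save the output of certutil -K -d /etc/ipsec.d/ to a file and pass it as the second argument, with /etc/ipsec.secrets as the first.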
All times are GMT -5.