Old 03-15-2011, 04:10 PM   #1
LQ Newbie
Registered: Mar 2011
Distribution: Fedora, Ubuntu
Posts: 16

Rep: Reputation: 0
Openswan on fedora 14

After struggling with openswan for a week, I thought of getting some help...

I have openswan 2.6.31 installed on two Fedoras 14 (latest) running on the same box under VirtualBox.

I'm trying to establish an ipsec connection between the two Fedoras (in case it's relevant, they are running in private host network mode).

I have connectivity between the two Fedoras.
I totally removed iptables.
I created my own conf file with left and right data, including the public keys as generated (each on a different Fedora) by ipsec showhostkey --left/right.

I start ipsec from /etc/init.d/.
I add the connection using ipsec auto --add (the connection name is host-to-host),
and then I --up the connection, and here is what I get:

"can't find the private key from the NSS cert (err -12285)"

... and after a few lines...
"possible authentication failure: no acceptable response to our first encrypted message"

I looked into /var/log/secure and I also see the following...

Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: Signature check (on @MacFedora) failed (wrong key?); tried *AQOmRjUPo
Mar 15 23:04:01 HisFedora pluto[4116]: "host-to-host" #6: sending encrypted notification INVALID_KEY_INFORMATION to

HisFedora and MacFedora are the two Fedoras I have.

Any thoughts?

Old 03-20-2011, 08:22 AM   #2
LQ Newbie
Registered: Mar 2011
Distribution: Fedora, Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0
OK, found the following...
Not sure why, but once I created the NSS cert/key database with an empty password, everything started to work as expected and the tunnel was established.
When I used a non-empty password, I saw in the log files that pluto was searching for the nsspassword file and didn't find it (not sure how to create this file).

Does anyone have a tip on how to make things work with a non-empty password?



fedora, openswan
