03-16-2011, 04:45 AM   #1
LQ Newbie
Registered: Mar 2011
Distribution: Fedora, Ubuntu
Posts: 16

OpenSwan question

Could someone help me understand where openswan's pluto gets its private keys from...

Here is what I did.
I ran the following command:
ipsec newhostkey --output /etc/ipsec.secrets --random /dev/random --configdir /etc/ipsec.d/ --password abcdef1 --bits 2048

As far as I understand, it generates the private key into /etc/ipsec.secrets, but then I don't know why I need to pass as arguments the location of the NSS database and its password. Can anyone explain this?

When I do certutil -K -d /etc/ipsec.d/ I do see a new entry in the list (I'm hoping it's relevant).

So when I start ipsec by /etc/init.d/ipsec restart and add my connections, does pluto take the key from ipsec.secrets or from the NSS key database?

Is there any kind of association between the NSS database and ipsec.secrets?
03-20-2011, 09:25 AM   #2
LQ Newbie
Registered: Mar 2011
Distribution: Fedora, Ubuntu
Posts: 16

Original Poster
OK, I found the following:

Each key in the ipsec.secrets file has a reference to the NSS key database (you can see the reference if you look in the file and compare it to the ID you see when you do certutil -K).
What I couldn't figure out yet is how to make pluto work in cases where I don't set an empty password to encrypt the NSS database. Does anyone have a clue?
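
The comparison described in post #2, written out as an added example that is not part of the thread or of Openswan itself. It assumes that an NSS-enabled build stores the NSS key ID in the PrivateExponent field of ipsec.secrets and that certutil -K prints lines of the form "< 0> rsa <id> <name>"; the function names are hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: cross-check the key reference in ipsec.secrets against a saved
# `certutil -K -d /etc/ipsec.d/` listing. The field name and listing layout are
# assumptions about an NSS-enabled Openswan build; all sample data is constructed.

# Print the hex ID held in each PrivateExponent field (lowercase, no 0x prefix).
secrets_ids() {
    awk '$1 == "PrivateExponent:" { id = tolower($2); sub(/^0x/, "", id); print id }' "$1"
}

# Print the key IDs from a saved certutil -K listing.
nss_ids() {
    awk '/^<[ 0-9]+>/ { sub(/^<[ 0-9]+>[ \t]*/, ""); print tolower($2) }' "$1"
}

# Report, per referenced ID, whether the NSS listing contains it.
# Returns non-zero when a key named in ipsec.secrets is absent from the database.
check_refs() {  # $1 = secrets file, $2 = saved certutil -K output
    missing=0
    for id in $(secrets_ids "$1"); do
        if nss_ids "$2" | grep -qxF "$id"; then
            echo "FOUND   $id"
        else
            echo "MISSING $id"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample inputs (shortened modulus, made-up key ID).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ipsec.secrets" <<'EOF'
: RSA	{
	# RSA 2048 bits   vpn.example.test   (constructed sample)
	Modulus: 0xc0ffee
	PublicExponent: 0x03
	PrivateExponent: 0x3F9A0C5D7E1B24680ACE13579BDF02468ACE1357
	}
EOF
cat > "$demo_dir/certutil-K.txt" <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      3f9a0c5d7e1b24680ace13579bdf02468ace1357   (orphan)
EOF

check_refs "$demo_dir/ipsec.secrets" "$demo_dir/certutil-K.txt"
```

On a real host, save the output of certutil -K -d /etc/ipsec.d/ to a file and pass it as the second argument; a MISSING line means ipsec.secrets names a key that the database at that path does not hold.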



