LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-15-2014, 12:42 AM   #1
readmore
LQ Newbie
 
Registered: Feb 2013
Location: on the park bench.
Distribution: Debian
Posts: 15

Rep: Reputation: Disabled
openswan - include statement in ipsec.conf & ipsec.secrets


Hello LQ,

I've been studying openswan and do have it successfully connecting to a Cisco router. ISAKMP & IPsec SA(s) come up. 2-way traffic is seen across tunnel.

Just curious...though.

I put an "include" statement in both /etc/ipsec.conf & /etc/ipsec.secrets as follows:

Code:
op@deb7test:/etc$ cat /etc/ipsec.conf | grep include
include /etc/ipsec.d/ipsec.*.conf

op@deb7test:/etc$ sudo cat /etc/ipsec.secrets | grep include
include /etc/ipsec.d/ipsec.*.secrets

op1@deb7test:/etc/ipsec.d$ ls -l | grep ipsec\.
-rw-r--r-- 1 root root  243 Oct 14 22:35 ipsec.testopenswan.conf
-rw------- 1 root root   34 Oct 14 22:36 ipsec.testopenswan.secrets

op1@deb7test:/etc/ipsec.d$ cat ipsec.testopenswan.conf | grep conn
conn testopenswan
So here's the question.... When I run the command 'sudo ipsec auto --up testopenswan, how does openswan know which secrets file to use for the pre-shared key?

In this case there is only one .secrets file, but if I had multiple "profiles" (conf & secrets files), I'm wondering how it knows to choose the correct secrets file?

Maybe it goes by filename (?) (and I just lucked out, else it would have been yet more troubleshooting and less hair!).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vpn-ipsec : Failed to parse config setup portion of ipsec.conf hari85 Linux - Newbie 1 07-17-2010 09:12 PM
OpenSwan ipsec - conf,check -I need help hotsouce Linux - Networking 1 08-25-2008 04:54 AM
OpenSwan ipsec - conf,check -I need help hotsouce Linux - Networking 3 08-22-2008 01:07 AM
IPSEC openswan prashanlk Linux - Networking 1 12-28-2007 11:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration