You do not need fswcert for Freeswan 1.96 upwards. In the ipsec.secrets file, you can give the name of the pem file itself. Freeswan will "automagically" discover the format of the key and extract it at startup.
Your ipsec gateway's certificate should be stored in the /etc/ipsec.d/private directory (in either der or pem format) and be referenced in ipsec.secrets by filename with an optional passphrase as under: : RSA <certificate file name> <passphrase> The : RSA must start at the left margin. The file MUST have no more than 700 permissions and be owned by root to be secure. It works. I've tried this. Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Leone Sent: Monday, February 10, 2003 2:42 AM To: LEAF ML Subject: [leaf-user] Bering w/IPSec troubles - no fswcert command in Debian? I'm trying to set up my Bering 1.0-stable installation to use IPSec (eventually, I want to do IPSec passthru to my office's Pix firewall, but I might also want to use IPSec to connect into my LAN from the outside). I'm following http://leaf.sourceforge.net/devel/jnilo/buipsec.html, creating the certs on my Debian testing machine. However, the directions call for using the "fswcert" utility from the FreeS/WAN package (I assume that's where it's from; the docs don't say, but that's what my Googling has turned up) to extract out the private key of the server. Apparently, Debian does not include this utility anymore (altho I'm unclear why). Anyway, how can I extract out the private server key, without using the fswcert utility? I have the CA cert, server cert, and client cert already created. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
