On Tue, 16 Dec 2014, Phil Daws wrote:

I am new to libreswan and attempting to set up an IPSEC tunnel between two
subnets. The issue I am facing is that when I bring up the connection I see:

"network1" #28: no RSA public key known for 'CN=fwl01.bbb'

yet if I check the NSS database the certificate is there and the CN is correct.
This is how my connection looks:

conn network1
       leftid="CN=fwl01.aaa"
       leftrsasigkey=%cert
       leftcert="fwl01-aaa"
       rightid="CN=fwl01.bbb"

That's most likely wrong. Unless you set the "friendly_name" on the
PKCS#12 import to "CN=fwl01.bbb" instead of "CN=fwl01.bbb".

I assume you are left, and only have the left certificate and its CA in
your nss. You would write:

        leftid=%fromcert
        leftcert=fwl01-aaa
        leftrsasigkey=%cert
        #rightid does not need to be specified
        rightrsasigkey=%cert
        # optionally:
        leftsendcert=always

See also:

https://libreswan.org/wiki/Using_NSS_with_libreswan

https://libreswan.org/wiki/Migrating_from_Openswan

Paul
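The following is an added illustration, not code from the thread or from the libreswan project: a small checker that parses an ipsec.conf-style conn section and applies the two rules the reply above gives (use leftid=%fromcert rather than a literal DN next to leftcert, and take the peer's public key from its certificate with rightrsasigkey=%cert instead of relying on a hand-typed rightid). The two sample conn blocks are constructed inline; the first reproduces the question's settings, the second the reply's suggested layout. The option names are the ones that appear on this page; the parser is deliberately minimal (one section, key=value lines, # comments).

```python
import re

# Constructed sample 1: the conn block from the question, as an inline string.
CONN_FROM_QUESTION = """
conn network1
       leftid="CN=fwl01.aaa"
       leftrsasigkey=%cert
       leftcert="fwl01-aaa"
       rightid="CN=fwl01.bbb"
"""

# Constructed sample 2: the layout suggested in the reply.
CONN_SUGGESTED = """
conn network1
        leftid=%fromcert
        leftcert=fwl01-aaa
        leftrsasigkey=%cert
        #rightid does not need to be specified
        rightrsasigkey=%cert
        leftsendcert=always
"""


def parse_conn(text):
    """Parse one ipsec.conf-style 'conn' section into (name, {option: value}).

    '#' comments are dropped and surrounding double quotes are stripped from
    values, so leftcert="fwl01-aaa" and leftcert=fwl01-aaa compare equal.
    """
    name = None
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            name = line.split(None, 1)[1].strip()
            continue
        m = re.match(r"^([A-Za-z]+)\s*=\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip().strip('"')
    return name, opts


def check_cert_auth(opts):
    """Apply the reply's advice to a parsed conn section.

    Returns a list of (option, advice) tuples; an empty list means the
    section already follows the suggested layout.
    """
    findings = []
    for side in ("left", "right"):
        sid = opts.get(side + "id")
        cert = opts.get(side + "cert")
        key = opts.get(side + "rsasigkey")

        # Rule 1 (from the reply): with a certificate loaded via <side>cert,
        # let the ID come from the certificate instead of a typed DN, so the
        # two cannot disagree.
        if cert and sid and sid != "%fromcert":
            findings.append((side + "id",
                             "literal ID next to %scert; use %sid=%%fromcert"
                             % (side, side)))

        # Rule 2 (from the reply): a certificate on one side is used with
        # <side>rsasigkey=%cert; a peer whose key should come from its
        # certificate gets <side>rsasigkey=%cert and no hand-typed ID.
        if cert and key != "%cert":
            findings.append((side + "rsasigkey",
                             "%scert is set; add %srsasigkey=%%cert"
                             % (side, side)))
        if sid and not cert and key != "%cert":
            findings.append((side + "id",
                             "ID given but no %scert and no %srsasigkey=%%cert; "
                             "nothing says where this peer's public key comes from"
                             % (side, side)))
    return findings


def lint(text):
    """Convenience wrapper: parse a section and return its findings."""
    _, opts = parse_conn(text)
    return check_cert_auth(opts)


if __name__ == "__main__":
    for label, conf in (("question", CONN_FROM_QUESTION),
                        ("suggested", CONN_SUGGESTED)):
        print(label + ":")
        for opt, advice in lint(conf) or [("-", "nothing to flag")]:
            print("  %-14s %s" % (opt, advice))
```

Run as a script it prints two findings for the question's block (leftid and rightid) and nothing for the suggested one; the same logic can be pointed at any single conn section copied out of ipsec.conf.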
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
