[Swan] Struggling with certificates

[Nick Howitt]

Hi, I'm trying to see if I can set up a VPN with Windows Phone 8.1 and I've fallen over before even getting as far as the phone. I cannot get Libreswan to read the certificate I created. I've used the instructions at https://libreswan.org/wiki/Using_NSS_with_libreswan and I've done the following: rm /etc/ipsec.d/*.db ipsec initnss certutil -S -k rsa -n "HowittsCA" -s "CN=Howitt Family" -v 12 -t "C,C,C" -x -d /etc/ipsec.d certutil -S -k rsa -c "HowittsCA" -n "alex" -s "CN=Alex Howitt" -v 12 -t "u,u,u" -d /etc/ipsec.d certutil -L -d /etc/ipsec.d/ gives: Certificate Nickname                                         Trust Attributes                                                              SSL,S/MIME,JAR/XPI HowittsCA                                                    Cu,Cu,Cu alex                                                         u,u,u In ipsec.secrets I have: : RSA alex Running "ipsec secrets" gives: 002 forgetting secrets 002 loading secrets from "/etc/ipsec.secrets" 002 loading secrets from "/etc/ipsec.d/ipsec.secrets" 002     could not open host cert with nick name 'alex' in NSS DB 003 "/etc/ipsec.d/ipsec.secrets" line 1: NSS certficate not found 002 loading secrets from "/etc/ipsec.d/ipsec.unmanaged.MumIn.secrets" 002 loading secrets from "/etc/ipsec.d/ipsec.unmanaged.PaulIn.secrets" Similarly loading the conn gives: ipsec auto --add roadwarriors 000 leftcert with the nickname "alex" does not exist in NSS db Any idea where I've gone wrong? Once I get past this Win8 phone uses IKEv2. I do not want to use l2tp so I was going to initially try a config without XAUTH and failing that, with XAUTH. Am I on the right track? Thanks, Nick

_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan