I did some experiments with Fedora 28. The instructions in the RHEL 7
Security Guide, section 4.6.3, "Creating Host-To-Host VPN Using
Libreswan," suggest you can just use:

ipsec newhostkey

I tried this, but it did not work. I got the problem that it cannot
find its own key. Instead I had to use the form given in the "Host to
host VPN" configuration example on the website, i.e.:

ipsec newhostkey --output /etc/ipsec.secrets

That created the correct entry in /etc/ipsec.secrets. Once I had
started ipsec on both ends, I was able to check that the tunnel was up
with:

ipsec auto --start mytunnel

ping OTHER.SERVER.IP.ADDRESS

ipsec whack --trafficstatus

On Thu, Jan 24, 2019 at 6:34 AM Alex <[email protected]> wrote:
>
> > > At some point I thought it was working. Is there a known problem with
> > > using RSA keys? Any idea why it can't find its own private key?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
