On Mon, 24 Feb 2020, Cesare Leonardi wrote:

> Hello, there is something not clear to me regarding .secrets file.
> I've read this:
> https://lists.libreswan.org/pipermail/swan/2018/002496.html
> And this (slide 13):
> https://libreswan.org/wiki/images/a/a5/DevConf2016-IPsec.pdf
>
> From these documents I understand that using raw RSA key with Libreswan
> = 3.21, .secrets file is not required anymore. But in my tests I
> wasn't able to connect without it.

In theory it should work. In practice there is a catch-22 issue we still
need to fix. For raw keys, to load the connection, we need to know the
keys are there, but to load the keys we need a connection.

We thought at some point it was no longer needed, but that was wrong.
Hence you seeing some confusion online. So yes, for raw (non-X.509)
keys, it is still needed. For X.509 certificates, it is not needed.

Paul