On Fri, 4 Aug 2023, William Atwood wrote:
I am interested in using Libreswan in a project that requires IPsec tunnels
between hosts. Eventually, these tunnels will be based on certificates, but
I wanted to understand the "basics" before going to the effort of setting up
whatever certificate-management infrastructure I will need.

So, I found an example of a simple case in the Wiki, at
https://libreswan.org/wiki/Host_to_host_VPN. I ran the example on two hosts,
Lampson and Cherry, each running Ubuntu 20.04.6 LTS.

I installed Libreswan on both hosts, using "sudo apt install libreswan". The
resulting version string is:

Linux Libreswan 3.29 (netkey) on 5.15.0-76-generic

I initialized nss, and then used "sudo ipsec newhostkey" to generate RSA
keypairs on each host. Using the host keys, and appropriate IPv4 addresses,
I constructed /etc/ipsec.d/LACH.conf on both hosts, making sure that the host
keys were on a single line in the file.

I ran:

sudo ipsec setup start
sudo ipsec auto --add mytunnel
003 "mytunnel" #1: Failed to find our RSA key

Can anyone suggest to me what is wrong, and how to go about fixing it?

I wonder if this is an error in determining the nss directory used?
Does the output of "sudo ipsec newhostkey" tell you if it generated this
key in /etc/ipsec.d or /var/lib/ipsec/nss/?

Can you run:

sudo certutil -L -d /var/lib/ipsec/nss/

and:

sudo ipsec auto --listall

Otherwise, perhaps you ran it multiple times and forgot to update the
.conf file with the new key?

Paul
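
A check for the second possibility raised in the reply (a key regenerated after the .conf file was written), added here as an example and not taken from the thread or from Libreswan. It assumes the host's public key is printed as a `leftrsasigkey=` line by `ipsec showhostkey --left --ckaid <ckaid>`; `rsasigkeys`, `check_conf` and the sample key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does the conn file carry this host's current key?

# Print "<keyword> <value>" for each leftrsasigkey=/rightrsasigkey= line on stdin.
# Works on a conn file and on showhostkey output, which uses the same syntax.
rsasigkeys() {
    awk '/^[ \t]*(left|right)rsasigkey[ \t]*=/ {
        eq = index($0, "=")              # split at the first "=" only,
        name = substr($0, 1, eq - 1)     # because base64 padding is "=" too
        val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", name); gsub(/[ \t\r]/, "", val)
        print name, val
    }'
}

# check_conf CONF_TEXT HOSTKEY_TEXT
# 0: one side of the conn is our key; 1: neither side is; 2: no key in HOSTKEY_TEXT.
# A key wrapped over several lines in the conn file is cut short and also gives 1.
check_conf() {
    ours=$(printf '%s\n' "$2" | rsasigkeys | awk '{ print $2; exit }')
    [ -n "$ours" ] || { echo "no public key in showhostkey output"; return 2; }
    side=$(printf '%s\n' "$1" | rsasigkeys |
        awk -v k="$ours" '$2 == k { print $1; exit }')
    [ -n "$side" ] || { echo "stale: conn file does not contain this host's key"; return 1; }
    echo "ok: $side is this host's key"
}

# Constructed sample data; the key strings are placeholders, not real RSA keys.
SAMPLE_CONF='conn mytunnel
    leftrsasigkey=0sAwEAAcONSTRUCTEDoldKEYlampson==
    rightrsasigkey=0sAwEAAcONSTRUCTEDkeyCHERRY=
    authby=rsasig'
SAMPLE_HOSTKEY_OLD='    # rsakey AwEAAcONS
    leftrsasigkey=0sAwEAAcONSTRUCTEDoldKEYlampson=='
SAMPLE_HOSTKEY_NEW='    # rsakey AwEAAcNEW
    leftrsasigkey=0sAwEAAcONSTRUCTEDnewKEYlampson=='

check_conf "$SAMPLE_CONF" "$SAMPLE_HOSTKEY_OLD" || true   # conn file is current
check_conf "$SAMPLE_CONF" "$SAMPLE_HOSTKEY_NEW" || true   # key was regenerated
```

On a real host the two arguments would be `"$(cat /etc/ipsec.d/LACH.conf)"` and the output of the showhostkey command named above.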