upgrade to 5.4 openswan broke




Hi All,

I upgraded from 5.3 to 5.4 today on a vpn gateway using openswan.  After
the upgrade the vpn stopped working.  From what I could tell the new
version of openswan uses NSS.  I tried following the instructions in
this thread https://bugzilla.redhat.com/show_bug.cgi?id=508107 without
success.  

  # certutil -N -d sql:/etc/ipsec.d
    certutil: function failed: security library: bad database.

If I ran the command without the sql: like this
  # certutil -N -d /etc/ipsec.d
it would create the database files.  
I would then execute
  # modutil -fips true -dbdir /etc/ipsec.d
followed by
  # /usr/sbin/ipsec newhostkey --configdir /etc/ipsec.d/nssdb
    --password password1 --output /etc/ipsec.d/host.secrets
After replacing the hostkey in the file I tried to bring the connection
up but the connection would not start and the following error message
was in the log file.
   unable to locate my private key for RSA Signature
   sending notification AUTHENTICATION_FAILED
I finally had to downgrade from openswan-2.6.21-5.el5 to
openswan-2.6.14-1.el5 to get things to work.

Am I missing something that is needed to make this work?

Any help would be appreciated.

Myron Williams



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
