> I'm running several Dachstein 1.02 boxes doing IPSEC. I've been using
> shared secrets and wanted to go to 509 certs. I have been able to generate
> one 2048 bit key but the other machines just sit trying to get 128 random
> bytes from /dev/random. I let one sit for two days before killing the
> process.
>
> Does anyone know what I'm doing wrong?

Your firewall boxes are not filling /dev/random with true random data (generated primarily from direct user input), and /dev/random will block until there is enough "true" randomness to fill a read request.

Either hook a keyboard to the box and start banging on the keys, or (preferred) generate the keys on a true workstation (i.e. used by a person, so lots of random user seeding of /dev/random) and copy them over...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
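
A pre-flight check for the stall described in this thread, added here as an example and not part of the original post or of Dachstein: it compares the kernel's entropy estimate with the size of the pending /dev/random read. It assumes a Linux kernel that exposes the estimate at /proc/sys/kernel/random/entropy_avail and blocks /dev/random reads against it; the function name `entropy_check` is hypothetical.

```sh
#!/bin/sh
# Added example: decide whether a blocking read from /dev/random is likely
# to stall on a headless box before starting key generation.

# Assumption: the kernel publishes its entropy estimate (in bits) here.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# entropy_check BYTES [FILE]
#   returns 0 if the estimate covers a read of BYTES bytes,
#           1 if the read would have to wait for more entropy,
#           2 if the estimate is missing or not a number.
entropy_check() {
    need_bits=$(( $1 * 8 ))
    file="${2:-$ENTROPY_FILE}"

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    avail=$(cat "$file")

    # Reject anything that is not a plain non-negative integer.
    case "$avail" in
        ''|*[!0-9]*)
            echo "unexpected value in $file: $avail" >&2
            return 2 ;;
    esac

    echo "entropy estimate: $avail bits, request: $need_bits bits"
    [ "$avail" -ge "$need_bits" ]
}

# Typical use before generating a key on the firewall itself:
#   entropy_check 128 || echo "generate the key on a workstation and copy it over"
```

A result of 1 on an idle firewall is the condition the reply describes: the box has no keyboard activity feeding the pool, so the 128-byte read waits.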