Yes, in a single line beginning with ":". It is really easier to use this than to extract and transfer. Moreover, newer systems do not have fswcert. On RH7.3 and 8.0, which I use, I did not have them. I also downloaded fswcert, compiled and checked it out. Since both worked, I let it be.

Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Leone
Sent: 10 February 2003 09:27
To: 'LEAF ML'
Subject: Re: [leaf-user] Bering w/IPSec troubles - no fswcert command in Debian?

S Mohan ([EMAIL PROTECTED]) had this to say on 02/09/03 at 21:18:
> You do not need fswcert for Freeswan 1.96 upwards. In the ipsec.secrets
> file, you can give the name of the pem file itself. Freeswan will
> "automagically" discover the format of the key and extract it at
> startup.

Good to know. :-) Meanwhile, I did find a copy of the fswcert program in an old downloads directory.

> Your ipsec gateway's certificate should be stored in the
> /etc/ipsec.d/private directory (in either der or pem format) and be
> referenced in ipsec.secrets by filename with an optional passphrase as
> under:
>
> : RSA <certificate file name> <passphrase>
>
> The : RSA must start at the left margin. The file MUST have no more than
> 700 permissions and be owned by root to be secure.
>
> It works. I've tried this.

I will try that, thanks. The example /etc/ipsec.secrets file has a format like this:

: RSA {
        # -- Create your own RSA key with "ipsec rsasigkey"
        }

Should I just include the filename and passphrase starting at the point of that hash mark?

I'm trying to start small, and just connect to the Pix at work. Ideally, I'd like a subnet-to-subnet connection (we use pre-shared keys, 3DES-level), so that the office will be transparently available to me, regardless of what machine I am using on my home LAN (Win2K, Linux, etc).

Later, I'll see if I can do it via certs. Then work the other way, and connect from work to home LAN, using certs.

That's the game plan, anyway. :-)
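Added example (not part of the original thread, and not FreeS/WAN code): a small audit of the ": RSA <file> <passphrase>" entries described above, checking that each entry starts at the left margin and that the referenced key file has no permission bits beyond 700 and the expected owner. Reading "the file" as the key file, and the names audit_secrets, demo and owner_uid, are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Matches only the file form quoted in the thread: ": RSA <file> [passphrase]".
# The inline-key form ": RSA {" is skipped on purpose.
RSA_FILE = re.compile(r'^(\s*):\s+RSA\s+([^\s{"]+)')

def audit_secrets(text, private_dir="/etc/ipsec.d/private", owner_uid=0):
    """Return (line_number, problem) tuples for each ': RSA <file>' entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = RSA_FILE.match(line)
        if not m:
            continue
        if m.group(1):
            findings.append((n, "': RSA' is not at the left margin"))
        path = os.path.join(private_dir, m.group(2))  # absolute names pass through
        try:
            st = os.stat(path)
        except OSError:
            findings.append((n, "key file missing"))
            continue
        if st.st_mode & 0o077:  # any group/other bit is more than 700
            findings.append((n, "mode %o exceeds 700" % stat.S_IMODE(st.st_mode)))
        if st.st_uid != owner_uid:
            findings.append((n, "owner uid %d, expected %d" % (st.st_uid, owner_uid)))
    return findings

def demo():
    """Run the audit on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("gw.pem", 0o600), ("open.pem", 0o644)):
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)
        sample = "\n".join([
            ': RSA gw.pem "constructed-passphrase"',
            '  : RSA gw.pem',
            ': RSA open.pem',
            ': RSA missing.pem',
            ': RSA {',
        ])
        # owner_uid is the current user so the demo runs unprivileged;
        # on a real gateway keep the default of 0 (root).
        return audit_secrets(sample, private_dir=d, owner_uid=os.getuid())

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a gateway, pass the contents of /etc/ipsec.secrets as text and leave private_dir and owner_uid at their defaults.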
