On Sun, Apr 30, 2017 at 11:19 PM, Paul Wouters wrote:
> On Sat, 29 Apr 2017, Muenz, Michael wrote:
>
>> but on the last command ipsec "import debian.p12" I get a:
>>
>> Enter password for PKCS12 file:
>> pk12util: PKCS12 IMPORT SUCCESSFUL
>> certutil: Could not find cert: NOC CA
>> : PR_FILE_NOT_F
This might not be related to your issue but I remember putting in a
fix for a labeled IPsec setup in last year (around 3.14?). You should
at least make sure that your build has it, it's the most recent
labeled IPsec related change.
commit 1543f3c66bce961a94d119d7b3c32ad965cf07d3
Author:
- Original Message -
> From: "Jacob Vind"
> To: swan@lists.libreswan.org
> Sent: Thursday, February 11, 2016 7:59:01 AM
> Subject: [Swan] Problem with subnet-to-subnet setup behind NAT'ed networks
>
> Hi,
>
> I really hope we can get some help, we are trying to set up a
> subnet-to-sub
On 12/11/15 08:20, Tom Robinson wrote:
> > Hi Matt,
> >
> > Thanks for your response.
> >
> > On 12/11/15 01:15, Matt Rogers wrote:
> >> You should set rightid=%fromcert so it will use the received cert subject
> >> as the ID here.
> >>
> >
- Original Message -
> From: "Tom Robinson"
> To: swan@lists.libreswan.org
> Sent: Tuesday, November 10, 2015 6:54:39 PM
> Subject: [Swan] IKEv2 connection "no RSA public key known for" and "RSA
> authentication failed"
>
> Hi,
>
> I've had a lot of success with IPSec/L2TP but have face
> Seems libreswan doesn't load the fw certificate, but it's a little bit
> odd because ipsec auto --listall shows all the certs like I expect. I
> will retrace my steps to see what I missed.
>
> Oct 9 10:02:02 fw-kz pluto[30128]: | Added new connection rw-ikev2 with
> policy
> RSASIG+ENCRYPT+TU
> Date: Thu, 28 May 2015 12:32:30
> From: John Crisp
> To: Paul Wouters
> Subject: LibreSwan list
>
>
> Certificate confusion
>
> Hi,
>
> I'm trying to move from using PSK authent to certificates.
>
> Have read the Libreswan/NSS howto but seem to be tripping up somewhere.
> Certificate hell
On 01/27, Nick Howitt wrote:
> Matt,
>
> Thanks. That was it.
>
No problem, with some of the upcoming changes you won't need to restart pluto to
pick up new certs.
> Do you know anything about setting up Windoze Phone?
>
No, sorry :P
I believe Paul has done some testin
On 01/27, Nick Howitt wrote:
> 002 forgetting secrets
> 002 loading secrets from "/etc/ipsec.secrets"
> 002 loading secrets from "/etc/ipsec.d/ipsec.secrets"
> 002 could not open host cert with nick name 'alex' in NSS
> DB
> 003 "/etc/ipsec.d/ipsec.secrets" l
On 08/22, Remy van Elst wrote:
>
>
> On 08/22/14 16:30, Matt Rogers wrote:
> > On 08/22, Remy van Elst wrote:
> >> How would I apply this to system/PAM authentication? The passwords in
> >> the shadow file are SHA512 ($6$...)
> >>
> > chpasswd(8)
am stack),
and crypt would support the SHA512 type. Is your system-auth configuration much
different than the RHEL/CentOS default?
Matt
>
>
> On 08/21/14 21:15, Matt Rogers wrote:
> > On 08/21, Pontus Wiberg wrote:
> >> FYI did a new setup on a Ubuntu server with no addition
On 08/21, Pontus Wiberg wrote:
> FYI did a new setup on a Ubuntu server with no additional software but
> Libreswan and the requirements, a clean setup, clean ipsec.conf, getting
> the same error. The password is incorrectly handled by Libreswan or some
> dependency somewhere, same error as I've ha
On 07/21, Remy van Elst wrote:
> Hello Paul,
>
> 3.9 does not seem to fix the problem, I still get login errors with
> either PAM or a passwd file, same steps as earlier but with the new
> packages:
>
> Jul 21 16:04:45 localhost.localdomain pluto[3836]: "xauth-rsa"[4]
> 83.162.250.46 #2: NAT-Trav
On 05/06, Bob Miller wrote:
> So did I miss some step in the certificate creation or something for
> this to work, or am I just doing things wrong? Can someone point me at
> what I need to read to gain the correct understanding? Thanks for any
> hints...
>
>
Hi Bob, right now pluto doesn't sup
On 04/28, Wolfgang Nothdurft wrote:
> Am 28.04.2014 14:46, schrieb Tuomo Soini:
> >On Mon, 28 Apr 2014 13:26:03 +0200
> >Wolfgang Nothdurft wrote:
> >
> >>Hi,
> >>
> >>I'd like to migrate from openswan to libreswan on our internet
> >>appliance.
> >>
> >>For our customers, we need the ability to r
15 matches
Mail list logo