Re: [Users] ipsec.secrets question

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Tue Jan 14 2003 - 21:03:07 CET

• Next message: Mark A. Grafing: "[Users] Route Question"
• Previous message: psnizek_at_belfin.ch: "RE: [Users] pinging from freeswan box"
• In reply to: CARTER, Roy: "[Users] ipsec.secrets question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If FreeS/WAN's certificate is loaded correctly, then

   ipsec auto --listcerts

should show the cert entry with the comment "has private key") and the
warning

  "multiple ipsec.secrets entries with distinct secrets match endpoints:
   first secret used"

should not appear since the matching private key is found automatically.
Also check the log for error messages during the startup
of Pluto.

In any case you can delete all the stuff in ipsec.secrets
that was generated automatically during installation.

Regards

Andreas

CARTER, Roy wrote:
> I have had a working ipsec tunnel between 2 Redhat 8.0 gateways for
> sometime, all works well! I am now testing out connection to my gateway from
> a freestanding Windows 2000 machine using Nate Carlson's howto. One of
> Nate's instructions says:
> 1) Configure ipsec.secrets:
>
> /etc/ipsec.secrets should contain the following (if you are running
> FreeS/WAN older than 1.96, check the warning below!):
>
> : RSA host.example.com.key "password"
>
> The password above should be the password you entered while generating the
> SSL certificate.
>
> Also note that if you are running a version of FreeS/WAN older than 1.96
> (with the 1.96 X.509 patches), the above command will not work -- you will
> need to use fswcert to extract your private key to the ipsec.secrets file.
>
> My ipsec.secrets file was not empty after the original install of freeswan
> so I added the line mentioned above at the end of the file.
>
> I now note in my "secure" log file that I get the message "multiple
> ipsec.secrets entries with distinct secrets match endpoints: first secret
> used". Should I care? What does this mean?
>
> Regards
>
>
> Roy
>
>
> Roy Carter
> Toolset Technologies
> SchlumbergerSema NIS
> Mob +44 7733 315428
> Email : RPCarter_at_slb.com

=======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Mark A. Grafing: "[Users] Route Question"
• Previous message: psnizek_at_belfin.ch: "RE: [Users] pinging from freeswan box"
• In reply to: CARTER, Roy: "[Users] ipsec.secrets question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:40 CET