Red Hat Bugzilla – Bug 168391
default host key not found via "include" directive in /etc/ipsec.secrets
Last modified: 2007-11-30 17:11:13 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Tablet PC 1.7)
Description of problem:
After a vanilla installation of openswan and ipsec-tools on FC4, the default host key is not found. I expected the default host key to be found in the /etc/ipsec.d/hostkey.secrets file via the "include" directive in /etc/ipsec.secrets.
This behavior can be seen when running "ipsec verify" or "ipsec showhostkey --left".
The output of the showhostkey command is as follows:
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
The /etc/ipsec.secrets file exists and contains the following single line:
In the /etc/ipsec.d directory, there is a file "hostkey.secrets" that contains an RSA key that appears to have been generated when I installed openswan.
If I link this hostkey.secrets file into /etc/ipsec.secrets, the error disappears.
Version-Release number of selected component (if applicable):
openswan-2.3.1-2 & ipsec-tools-0.5-4
Steps to Reproduce:
2. Run "ipsec verify"
Actual Results: Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
Expected Results: Checking for RSA private key (/etc/ipsec.secrets) [OK]
The same problem has appeared on two systems.
------- Additional Comments From email@example.com 2006-06-12 21:13 EST
Same problem is still present in Fedora Core 5.
This report targets the FC3 or FC4 products, which have now been EOL'd.
Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?
From openswan 2.4.7's CHANGED file:
* Support Fedora style default RSA hostkey [paul]
This is specifically addressing the include wildcard issue and generating new
host keys on first start.
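
A minimal check for the condition this report describes, added here as an illustration and not code from openswan or from this bug: it follows "include" directives (wildcards included) from a secrets file and returns the file that holds a selector-less ": RSA" default entry, if one is reachable. The function names, the temporary directory layout and the placeholder key stanza are constructed for the example.

```python
import glob
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^include\s+(\S+)")
# An entry with no ID selectors before the colon is the default key.
DEFAULT_RSA_RE = re.compile(r"^:\s*RSA\b")

def find_default_rsa_key(path, _seen=None):
    """Return the file that holds a selector-less ': RSA' entry, or None."""
    seen = set() if _seen is None else _seen
    real = os.path.realpath(path)
    if real in seen or not os.path.isfile(real):
        return None  # include loop or missing file
    seen.add(real)
    with open(real, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        if DEFAULT_RSA_RE.match(line):  # entries start in column 0
            return real
        m = INCLUDE_RE.match(line)
        if m:
            pattern = m.group(1)
            if not os.path.isabs(pattern):
                # relative includes resolve against the including file's directory
                pattern = os.path.join(os.path.dirname(real), pattern)
            for child in sorted(glob.glob(pattern)):
                hit = find_default_rsa_key(child, seen)
                if hit:
                    return hit
    return None

def demo():
    """Build a constructed layout in a temp dir and check both cases."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "ipsec.d"))
        top = os.path.join(root, "ipsec.secrets")
        key = os.path.join(root, "ipsec.d", "hostkey.secrets")
        with open(top, "w") as fh:
            fh.write("include ipsec.d/*.secrets\n")  # constructed sample line
        no_key = find_default_rsa_key(top)  # wildcard matches nothing yet
        with open(key, "w") as fh:
            fh.write(": RSA\t{\n\t# constructed placeholder, no key material\n\t}\n")
        found = find_default_rsa_key(top)
        return no_key, found == os.path.realpath(key)
```

On a real host, call find_default_rsa_key("/etc/ipsec.secrets") as a user allowed to read the secrets files; a None result means no default key is reachable through the include chain.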