From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Tablet PC 1.7)

Description of problem:
After a vanilla installation of openswan and ipsec-tools on FC4, the default host key is not found. I expected the default host key to be found in the /etc/ipsec.d/hostkey.secrets file via the "include" directive in /etc/ipsec.secrets. This behavior can be seen when running "ipsec verify" or "ipsec showhostkey --left". The output of the showhostkey command is as follows:

ipsec showhostkey: no default key in "/etc/ipsec.secrets"

The /etc/ipsec.secrets file exists and contains the following single line:

include /etc/ipsec.d/*.secrets

In the /etc/ipsec.d directory, there is a file "hostkey.secrets" that contains an RSA key that appears to have been generated when I installed openswan. If I link this hostkey.secrets file into /etc/ipsec.secrets, the error disappears.

Version-Release number of selected component (if applicable):
openswan-2.3.1-2 & ipsec-tools-0.5-4

How reproducible:
Always

Steps to Reproduce:
1. Install openswan.
2. Run "ipsec verify"

Actual Results:
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]

Expected Results:
Checking for RSA private key (/etc/ipsec.secrets) [OK]

Additional info:
The same problem has appeared on two systems.
------- Additional Comments From jferraz.br 2006-06-12 21:13 EST -------
Same problem is still present in Fedora Core 5.
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it? Thanks.
From openswan 2.4.7's CHANGED file:

* Support Fedora style default RSA hostkey [paul]

This is specifically addressing the include wildcard issue and generating new host keys on first start.
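
The include wildcard issue in this report can be reproduced with a small scanner that reads a secrets file with and without resolving "include" lines. This is an added example, not code from openswan or from the report; the function names are hypothetical, and it assumes that the default key is an entry starting with ": RSA" with no ID before the colon, that "include" takes a shell-style glob, and a nesting limit of 10.

```python
import glob
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^include\s+(\S+)")
# Assumption: an entry with no ID selector before the colon is the "default" key.
DEFAULT_RSA_RE = re.compile(r"^:\s*RSA\b")
MAX_DEPTH = 10  # assumed nesting limit; also guards against include loops


def find_default_rsa(path, follow_includes=True, depth=0):
    """Return [(file, line_no)] for each index-less ': RSA' entry reachable from path."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            if line.startswith("#"):
                continue
            if DEFAULT_RSA_RE.match(line):
                hits.append((path, line_no))
                continue
            m = INCLUDE_RE.match(line)
            if m and follow_includes:
                pattern = m.group(1)
                if not os.path.isabs(pattern):  # relative to the including file
                    pattern = os.path.join(os.path.dirname(path), pattern)
                for inc in sorted(glob.glob(pattern)):  # expand the wildcard
                    hits += find_default_rsa(inc, True, depth + 1)
    return hits


def demo():
    """Rebuild the report's layout in a temp dir (constructed files, no real key)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "ipsec.d"))
    top = os.path.join(root, "ipsec.secrets")
    with open(top, "w") as fh:  # relative form of the report's include line
        fh.write("include ipsec.d/*.secrets\n")
    with open(os.path.join(root, "ipsec.d", "hostkey.secrets"), "w") as fh:
        fh.write(": RSA\t{\n\t# constructed placeholder, not a key\n\t}\n")
    return find_default_rsa(top, False), find_default_rsa(top, True)


if __name__ == "__main__":
    flat, resolved = demo()
    print("top-level file only:", flat, "| includes resolved:", resolved)
```

Reading only the top-level file finds no default key, which matches the [FAILED] result in the report; resolving the wildcard include finds the entry in hostkey.secrets.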