Bug 168391 - default host key not found via "include" directive in /etc/ipsec.secrets
Product: Fedora
Classification: Fedora
Component: openswan
i686 Linux
Priority: medium, Severity: low
Assigned To: Steve Conklin
Reported: 2005-09-15 12:40 EDT by Chris Hapgood
Modified: 2007-11-30 17:11 EST
Last Closed: 2007-10-19 16:25:29 EDT
Description Chris Hapgood 2005-09-15 12:40:30 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Tablet PC 1.7)

Description of problem:
After a vanilla installation of openswan and ipsec-tools on FC4, the default host key is not found.  I expected the default host key to be found in the /etc/ipsec.d/hostkey.secrets file via the "include" directive in /etc/ipsec.secrets.

This behavior can be seen when running "ipsec verify" or "ipsec showhostkey --left".

The output of the showhostkey command is as follows:

            ipsec showhostkey: no default key in "/etc/ipsec.secrets"

The /etc/ipsec.secrets file exists and contains the following single line:

            include /etc/ipsec.d/*.secrets

In the /etc/ipsec.d directory, there is a file "hostkey.secrets" that contains an RSA key that appears to have been generated when I installed openswan.

If I link this hostkey.secrets file into /etc/ipsec.secrets, the error disappears.

Version-Release number of selected component (if applicable):
openswan-2.3.1-2 & ipsec-tools-0.5-4

How reproducible:

Steps to Reproduce:
1. Install openswan.
2. Run "ipsec verify"

Actual Results:  Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]

Expected Results:  Checking for RSA private key (/etc/ipsec.secrets)               [OK]

Additional info:

The same problem has appeared on two systems.
Comment 1 Harald Hoyer 2006-06-14 08:22:02 EDT
------- Additional Comments From jferraz@linkway.com.br  2006-06-12 21:13 EST
Same problem is still present in Fedora Core 5.
Comment 2 Christian Iseli 2007-01-22 05:36:30 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Comment 3 Paul Wouters 2007-10-19 16:25:29 EDT
From openswan 2.4.7's CHANGED file:

* Support Fedora style default RSA hostkey [paul]

This is specifically addressing the include wildcard issue and generating new
host keys on first start.
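
A check for the symptom in this report, as an added example (not part of the bug thread and not openswan's code): it scans a secrets file for RSA entries with and without resolving `include` wildcards. The function names and the sample layout are constructed for illustration, and the top-level-only mode is an assumed model of what the reporter observed.

```python
import glob
import os
import re
import tempfile

# An entry starts in column one: optional index list, ":", then the key type.
RSA_ENTRY = re.compile(r"^(?!\s)[^#]*:\s*RSA\b")
INCLUDE = re.compile(r"^include\s+(\S+)")


def find_rsa_keys(path, follow_includes=True, _seen=None):
    """Return [(file, line_number)] for each RSA entry reachable from path."""
    seen = set() if _seen is None else _seen
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return []
    seen.add(real)
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            inc = INCLUDE.match(line)
            if inc:
                if follow_includes:
                    # Relative patterns resolve against the including file's directory.
                    pattern = os.path.join(os.path.dirname(path), inc.group(1))
                    for target in sorted(glob.glob(pattern)):
                        hits += find_rsa_keys(target, True, seen)
            elif RSA_ENTRY.match(line):
                hits.append((path, lineno))
    return hits


def demo():
    """Build a constructed copy of the reported layout; return both views."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "ipsec.d"))
    top = os.path.join(root, "ipsec.secrets")
    with open(top, "w") as fh:
        fh.write("include %s\n" % os.path.join(root, "ipsec.d", "*.secrets"))
    with open(os.path.join(root, "ipsec.d", "hostkey.secrets"), "w") as fh:
        # Constructed placeholder entry, not a real key.
        fh.write(": RSA\t{\n\t# placeholder body\n\t}\n")
    return find_rsa_keys(top, follow_includes=False), find_rsa_keys(top)


if __name__ == "__main__":
    top_only, resolved = demo()
    print("top-level file only:", top_only)
    print("includes resolved:  ", resolved)
```

An empty result for the top-level file combined with a hit once includes are resolved matches the layout described in this bug: the key exists, but only behind the wildcard include.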
