[strongSwan] Problem with ipsec pki on virtuall machine
Martin Willi
martin at strongswan.org
Fri Feb 26 10:39:04 CET 2010
Hi,
> no RNG of quality RNG_TRUE found
> building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> private key generation failed
Have you mangled the plugin list? Looks like the "random" plugin is not
loaded or unable to read from /dev/random.
> Is there any workaround? Openssl -gen works great, is there any possibilty to
> use the openssl RNG ?
There is no way to access the RNG of OpenSSL directly, but you can use
OpenSSL key generation. If you build strongSwan with --enable-openssl
and --disable-gmp, public key operations will completely rely on
OpenSSL.
The third option is to use libgcrypt as backend, --enable-gcrypt.
Regards
Martin
More information about the Users
mailing list