[strongSwan] Problem with ipsec pki on virtuall machine

Martin Willi martin at strongswan.org
Fri Feb 26 10:39:04 CET 2010


> no RNG of quality RNG_TRUE found
> building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> private key generation failed

Have you mangled the plugin list? Looks like the "random" plugin is not
loaded or unable to read from /dev/random.

> Is there any workaround? Openssl -gen works great, is there any possibilty to
> use the openssl RNG ?

There is no way to access the RNG of OpenSSL directly, but you can use
OpenSSL key generation. If you build strongSwan with --enable-openssl
and --disable-gmp, public key operations will completely rely on
The third option is to use libgcrypt as backend, --enable-gcrypt.


More information about the Users mailing list