[strongSwan] Problem with ipsec pki on virtuall machine
rmx1 at Safe-mail.net
rmx1 at Safe-mail.net
Fri Feb 26 11:34:30 CET 2010
Sorry stupid questions but where can i seek in the plugin list?
What exactly do you mean?
anyway:
cat /dev/random
still gives no output and
cat /proc/sys/kernel/random/entropy_avail
gives me the value "2" all the time.
so i think this is a issue which comes with virtual machines and i need to use the
openssl RNG or openssl straight.
regards
max
-------- Original Message --------
From: Martin Willi <martin at strongswan.org>
To: rmx1 at Safe-mail.net
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Problem with ipsec pki on virtuall machine
Date: Fri, 26 Feb 2010 10:39:04 +0100
> Hi,
>
> > no RNG of quality RNG_TRUE found
> > building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> > private key generation failed
>
> Have you mangled the plugin list? Looks like the "random" plugin is not
> loaded or unable to read from /dev/random.
>
> > Is there any workaround? Openssl -gen works great, is there any possibilty to
> > use the openssl RNG ?
>
> There is no way to access the RNG of OpenSSL directly, but you can use
> OpenSSL key generation. If you build strongSwan with --enable-openssl
> and --disable-gmp, public key operations will completely rely on
> OpenSSL.
> The third option is to use libgcrypt as backend, --enable-gcrypt.
>
> Regards
> Martin
More information about the Users
mailing list