[strongSwan] Problem with ipsec pki on virtuall machine

rmx1 at Safe-mail.net rmx1 at Safe-mail.net
Fri Feb 26 11:34:30 CET 2010


Sorry stupid questions but where can i seek in the plugin list?
What exactly do you mean?
 
anyway:

cat /dev/random 

still gives no output and

cat /proc/sys/kernel/random/entropy_avail

gives me the value "2" all the time.

so i think this is a issue which comes with virtual machines and i need to use the
openssl RNG or openssl straight. 

regards

max


-------- Original Message --------
From: Martin Willi <martin at strongswan.org>
To: rmx1 at Safe-mail.net
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Problem with ipsec pki on virtuall machine
Date: Fri, 26 Feb 2010 10:39:04 +0100

> Hi,
> 
> > no RNG of quality RNG_TRUE found
> > building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> > private key generation failed
> 
> Have you mangled the plugin list? Looks like the "random" plugin is not
> loaded or unable to read from /dev/random.
> 
> > Is there any workaround? Openssl -gen works great, is there any possibilty to
> > use the openssl RNG ?
> 
> There is no way to access the RNG of OpenSSL directly, but you can use
> OpenSSL key generation. If you build strongSwan with --enable-openssl
> and --disable-gmp, public key operations will completely rely on
> OpenSSL.
> The third option is to use libgcrypt as backend, --enable-gcrypt.
> 
> Regards
> Martin




More information about the Users mailing list