[strongSwan] ipsec pki --gen failed
Andreas Steffen
andreas.steffen at strongswan.org
Tue Mar 23 16:02:23 CET 2010
ipsec pki --gen requires a true random number generator (by default
/dev/random which blocks if not enough entropy is available). So
either add additional entropy sources (e.g. a soundcard) or generate
your keys on a host that produces more entropy. The command
cat /proc/sys/kernel/random/entropy_avail
will show you the available entropy. It should quickly increase
over time.
Best regards
Andreas
On 23.03.2010 15:32, Kalaj wrote:
> Strongswan 4.3.6, ipsec pki --gen --size 1024 > key.key
> will never make the key, hung there...
>
> Bests,
> -kalaj
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list