[strongSwan] ipsec pki --gen failed

Andreas Steffen andreas.steffen at strongswan.org
Tue Mar 23 16:02:23 CET 2010

ipsec pki --gen requires a true random number generator (by default
/dev/random which blocks if not enough entropy is available). So
either add additional entropy sources (e.g. a soundcard) or generate
your keys on a host that produces more entropy. The command

   cat /proc/sys/kernel/random/entropy_avail

will show you the available entropy. It should quickly increase
over time.

Best regards


On 23.03.2010 15:32, Kalaj wrote:
> Strongswan 4.3.6, ipsec pki --gen --size 1024 > key.key
> will never make the key, hung there...
> Bests,
> -kalaj

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list