[strongSwan] ipsec pki --gen failed

Kalaj j at owind.com
Tue Mar 23 16:51:50 CET 2010


cat /proc/sys/kernel/random/entropy_avail shows
the available increasing entropy,
but how to make ipsec pki --gen works?
--with-random-device=/dev/zero makes it work, but why /dev/random not?

Bests,
-Kakaj


On Tue, Mar 23, 2010 at 11:02 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> ipsec pki --gen requires a true random number generator (by default
> /dev/random which blocks if not enough entropy is available). So
> either add additional entropy sources (e.g. a soundcard) or generate
> your keys on a host that produces more entropy. The command
>
>   cat /proc/sys/kernel/random/entropy_avail
>
> will show you the available entropy. It should quickly increase
> over time.
>
> Best regards
>
> Andreas
>
> On 23.03.2010 15:32, Kalaj wrote:
> > Strongswan 4.3.6, ipsec pki --gen --size 1024 > key.key
> > will never make the key, hung there...
> >
> > Bests,
> > -kalaj
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100323/37976bae/attachment.html>


More information about the Users mailing list