[strongSwan] ipsec pki --gen

Andreas Steffen andreas.steffen at strongswan.org
Tue Jul 24 20:19:19 CEST 2012

Hi Brian,

it seems that your system cannot provide sufficient entropy since
ipsec pki relies on /dev/random to provide true random keys.
As a workaround I recommend e.g. to add your sound card as an
entropy source or if you have a TPM chip on your motherboard to
enable it.

Best regards


On 07/24/2012 06:46 PM, Brian Fernald wrote:
> Hi -
> Trying to setup a CA and self-signed certs...   no getting past the very first step ;
> ipsec pki --gen > caKey.der 
> This just hangs..  have tried debug, etc.. can't get any errors...
> Any ideas ?   This is 4.6.4 strongswan.
> Thanks!
> Brian
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list