When you run the /etc/init.d/ipsec after installing Openswan-2.4.4, it tries to create the /etc/ipsec/ipsec.secrets file if it's not there, and the system blocks. You can CTRL+C out of it and then you are able to make this file by hand with the following command:

# ipsec newhostkey --output /etc/ipsec/ipsec.secrets --bits 2048

However, this command *always* blocks as there is not enough entropy available from /dev/random to complete the command.

I have found a fix at http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel which is as follows:

Edit /usr/libexec/ipsec/newhostkey and change line 60:

ipsec rsasigkey $verbose $host $bits

to

ipsec rsasigkey $verbose --random /dev/urandom $host $bits

Once I have patched this file, everything seems to work :-)

Hope this helps and might be included in the next release.
I've assumed the maintainer position.
This could potentially increase the chances of someone guessing your key. Closing as WONTFIX. Better safe than sorry.
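
An added example, not part of the bug report or of Openswan's own code: a shell check that reports which random device each "ipsec rsasigkey" call in a newhostkey-style script requests, so a host carrying the change described in the report can be identified. The function name and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Openswan code). Prints "<line number>: <source>" for every
# "ipsec rsasigkey" invocation in the given script. "default" means the call
# has no --random option and uses the tool's built-in random device.
rsasigkey_random_source() {
    # $1: path to the script to inspect
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /ipsec[ \t]+rsasigkey/ {
            src = "default"
            n = split($0, w, /[ \t]+/)
            for (i = 1; i < n; i++)              # option value is the next word
                if (w[i] == "--random") src = w[i + 1]
            print NR ": " src
        }
    ' "$1"
}

# Constructed sample files: the two forms of the line quoted in the report.
# The directory is left in place so the results can be inspected.
sample_dir=$(mktemp -d)
printf '%s\n' '#!/bin/sh' '# generate host key' \
    'ipsec rsasigkey $verbose $host $bits' > "$sample_dir/stock"
printf '%s\n' '#!/bin/sh' '# generate host key' \
    'ipsec rsasigkey $verbose --random /dev/urandom $host $bits' > "$sample_dir/patched"

rsasigkey_random_source "$sample_dir/stock"
rsasigkey_random_source "$sample_dir/patched"
```

On an installed system the function would be pointed at /usr/libexec/ipsec/newhostkey, the path given in the report.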