
Bug 127288

Summary: Openswan-2.4.4 hangs when you try to generate a host key
Product: Gentoo Linux
Component: New packages
Status: RESOLVED WONTFIX
Severity: normal
Priority: High
Version: 2006.0
Hardware: All
OS: Other
Reporter: Richard Scott <gentoo.bugs>
Assignee: Alin Năstac (RETIRED) <mrness>
CC: pfeifer
Whiteboard:
Package list:
Runtime testing required: ---

Description Richard Scott 2006-03-23 04:00:28 UTC
When you run the /etc/init.d/ipsec after installing Openswan-2.4.4 it tries to create the /etc/ipsec/ipsec.secrets file if it's not there and the system blocks.

You can CTRL+C out of it and then you are able to make this file by hand with the following command:

# ipsec newhostkey --output /etc/ipsec/ipsec.secrets --bits 2048

However, this command *always* blocks as there is not enough entropy available from /dev/random to complete the command.

I have found a fix at http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel which is as follows:

Edit /usr/libexec/ipsec/newhostkey and change line 60:

ipsec rsasigkey $verbose $host $bits

to

ipsec rsasigkey $verbose --random /dev/urandom $host $bits

Once I have patched this file, everything seems to work :-)

Hope this helps and might be included in the next release.

Comment 1 Alin Năstac (RETIRED) gentoo-dev 2006-12-06 12:10:33 UTC
I've assumed the maintainer position.

Comment 2 Alin Năstac (RETIRED) gentoo-dev 2006-12-07 09:43:33 UTC
This could potentially increase the chances of someone guessing your key.
Close as WONTFIX. Better safe than sorry.
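
Added example (not part of the bug report and not Openswan code): a shell check that reports which random device a newhostkey-style script passes to ipsec rsasigkey, so a locally patched copy like the one described in the report can be found during an audit. The function names, exit codes and sample file are assumptions made for illustration; the two rsasigkey lines are the ones quoted in the description.

```shell
#!/bin/sh
# rsasigkey_random_source FILE
# For every non-comment "ipsec rsasigkey" invocation in FILE, print
# "<line-number> <device>", where <device> is the argument given to
# --random, or "default" when the option is absent.
rsasigkey_random_source() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        /ipsec[ \t]+rsasigkey/ {
            dev = "default"
            for (i = 1; i < NF; i++)             # find the word after --random
                if ($i == "--random") dev = $(i + 1)
            print NR, dev
        }
    ' "$1"
}

# audit_newhostkey FILE
# Exit status (hypothetical convention for this example):
#   0  every invocation uses the default source or /dev/random
#   1  at least one invocation names a different device (e.g. /dev/urandom)
#   2  FILE is unreadable or contains no rsasigkey invocation
audit_newhostkey() {
    [ -r "$1" ] || return 2
    out=$(rsasigkey_random_source "$1")
    [ -n "$out" ] || return 2
    if printf '%s\n' "$out" | grep -Evq ' (default|/dev/random)$'; then
        return 1
    fi
    return 0
}

# Constructed sample: the original line commented out, the patched line active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ipsec rsasigkey $verbose $host $bits
ipsec rsasigkey $verbose --random /dev/urandom $host $bits
EOF
rsasigkey_random_source "$sample"
audit_newhostkey "$sample" || echo "non-default random source in use"
rm -f "$sample"
```

On a real system the file to pass is the one named in the report, /usr/libexec/ipsec/newhostkey.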