<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Thank you martin for the hint.<br><br>I added 'pem' in strongswan.conf (you can see strongswan.conf below): But I still get the same output. Please see the <br>>>ipsec start --no-fork output right after strongswan.conf<br>This package is also installed : strongswan-mod-pem - 5.0.4-1<br><br>Is there anyother way to debug this to see why is not loading the keys? <br><br><br><br>Appreciate your help.<br><br>Farid<br><br><br><br>08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders<br># strongswan.conf - strongSwan configuration
file
<br> <br>charon
{
<br> <br> # number of worker threads in
charon <br> threads =
16 <br> load = aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown <br> # send strongswan vendor
ID? <br> # send_vendor_id =
yes
<br> <br> plugins
{
<br> <br> sql
{ <br> # loglevel to log into sql
database <br> loglevel =
-1
<br> <br> # URI to the
database <br> # database =
sqlite:///path/to/file.db <br> # database = mysql://user:password@localhost/database
<br> } <br>
}
<br> <br> #
...
<br>}
<br> <br>pluto
{
<br>
<br>}
<br> <br>libstrongswan
{
<br> <br> # set to no, the DH exponent size is
optimized <br> # dh_exponent_ansi_x9_42 =
no
<br>}
<br>~ <br><br>root@LMU8K:~# ipsec start --nofork<br>Starting strongSwan 5.0.4 IPsec [starter]...<br>!! Your strongswan.conf contains manual plugin load options for charon.<br>!! This is recommended for experts only, see<br>!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad<br>00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, Linux 3.3.8, armv5tejl)<br>00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders<br>00[CFG] loading ca certificate from
'/etc/ipsec.d/cacerts/caCert.pem' failed<br>00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<br>00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>00[CFG] loading crls from '/etc/ipsec.d/crls'<br>00[CFG] loading secrets from '/etc/ipsec.secrets'<br>00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders<br>00[CFG] loading private key from '/etc/ipsec.d/private/lmu56Key.pem' failed<br>00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown<br>00[JOB] spawning 16 worker threads<br>charon (2628) started after 80 ms<br>08[CFG] received stroke: add connection 'lmu56'<br>08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders<br>08[CFG] loading certificate from 'lmu56Cert.pem' failed<br>08[CFG] added configuration
'lmu56'<br><br><br><div><span><br></span></div><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Martin Willi <martin@strongswan.org><br> <b><span style="font-weight: bold;">To:</span></b> Farid Farid <farid21657@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> "users@lists.strongswan.org" <users@lists.strongswan.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Sunday, July 28, 2013 12:19 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] No private key found for 'C=CA ...........'<br> </font> </div> <div class="y_msg_container"><br>Hi Farid,<br><br>> !! Your strongswan.conf contains manual plugin load options for
charon.<br>> !! This is recommended for experts only, see<br>> !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br><br>This warning pops up for specific reason:<br><br>> 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown<br><br>You didn't load the pem plugin, hence<br><br>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders<br>> 00[CFG] loading private key from '/etc/ipsec.d/private/lmu55Key.pem' failed<br><br>loading a PEM encoded private key fails.<br><br>Regards<br>Martin<br><br><br><br></div> </div> </div> </div></body></html>