<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Hi Martin/Andreas,<br><br>Now I can ping the other peer and see secure ESP packets going back and forth, but I can also see one unsecure packet, as you can see below: it seems the 55 node sends the echo request twice, one secure and one unsecure. Is it normal?<br><br>01:24:44.559099 IP LMU5k.lan > 192.168.1.56: ESP(spi=0xcb8b0e8d,seq=0x1), length 132                     <br>01:24:44.559417 IP LMU5k.lan > 192.168.1.56: ICMP echo request, id 58919, seq 0, length 64               <br>01:24:44.560057 IP 192.168.1.56 > LMU5k.lan: ESP(spi=0xc3b7a86c,seq=0x1), length
 132                     <br>01:24:45.565739 IP LMU5k.lan > 192.168.1.56: ESP(spi=0xcb8b0e8d,seq=0x2), length 132                     <br>01:24:45.566053 IP LMU5k.lan > 192.168.1.56: ICMP echo request, id 58919, seq 1, length 64               <br>01:24:45.566496 IP 192.168.1.56 > LMU5k.lan: ESP(spi=0xc3b7a86c,seq=0x2), length 132                     <br>01:24:46.575691 IP LMU5k.lan > 192.168.1.56: ESP(spi=0xcb8b0e8d,seq=0x3), length 132                     <br>01:24:46.576008 IP
 LMU5k.lan > 192.168.1.56: ICMP echo request, id 58919, seq 2, length 64               <br>01:24:46.576447 IP 192.168.1.56 > LMU5k.lan: ESP(spi=0xc3b7a86c,seq=0x3), length 132                     <br>01:24:46.87<br><div><span><br></span></div><div>Thanks,</div><div>Farid<br></div>  <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1">  <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Farid Farid <farid21657@yahoo.com><br> <b><span style="font-weight: bold;">To:</span></b> Andreas Steffen <andreas.steffen@strongswan.org> <br><b><span style="font-weight: bold;">Cc:</span></b>
 "users@lists.strongswan.org" <users@lists.strongswan.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, August 1, 2013 9:28 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] No private key found for  'C=CA ...........'<br> </font> </div> <div class="y_msg_container"><br><div id="yiv3830073574"><div><div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:12pt;"><div><span>Hi Andreas,</span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;"><span><br></span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;"><span>Thank you so much. It is working now!!  :)  </span></div><div><br></div><div style="color:rgb(0, 0,
 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;">Cheers,</div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;">Farid</div><div style="color:rgb(0, 0,
 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:'times new roman', 'new york', times, serif;background-color:transparent;font-style:normal;"><br></div>  <div style="font-family:'times new roman', 'new york', times, serif;font-size:12pt;"> <div style="font-family:'times new roman', 'new york', times, serif;font-size:12pt;"> <div dir="ltr"> <hr size="1">  <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Andreas Steffen <andreas.steffen@strongswan.org><br> <b><span style="font-weight:bold;">To:</span></b> Farid Farid <farid21657@yahoo.com> <br><b><span style="font-weight:bold;">Cc:</span></b> Martin Willi <martin@strongswan.org>; "users@lists.strongswan.org" <users@lists.strongswan.org> <br> <b><span style="
font-weight:bold;">Sent:</span></b> Wednesday, July 31, 2013 11:37 PM<br> <b><span style="font-weight:bold;">Subject:</span></b> Re: [strongSwan] No private key found for  'C=CA ...........'<br> </font> </div> <div class="yiv3830073574y_msg_container"><br>Hi Farid,<br><br>the startup warning<br><br>> !! Your strongswan.conf contains manual plugin load options for charon.<br>> !! This is recommended for experts only, see<br>> !! <a rel="nofollow" target="_blank" href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br><br>is intended for newbies like you who don't know what they are doing<br>when meddling around with the strongswan.conf load statement:<br><br>- The pkcs1 plugin is missing so your private key won't get parsed:<br><br>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders<br>> 00[CFG]   loading private key from
 '/etc/ipsec.d/private/lmu56Key.pem'<br>>
 failed<br><br>- The x509 plugin is missing so your certificates don't get parsed:<br><br>> 00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders<br>> 00[CFG]   loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem'<br>> failed<br><br>Just remove the load statement from strongswan.conf and you'll fare<br>much better!<br><br>Andreas<br><br>On 08/01/2013 04:35 AM, Farid Farid wrote:<br>> Thank you Martin for the hint.<br>> <br>> I added 'pem' in strongswan.conf (you can see strongswan.conf below): <br>> But I still get the same output. Please see the<br>>>>ipsec start --no-fork output right after strongswan.conf<br>> This package is also installed: strongswan-mod-pem - 5.0.4-1<br>> <br>> Is there any other way to debug this to see why it is not loading the keys? <br>> <br>> <br>> <br>> Appreciate your help.<br>> <br>> Farid<br>> <br>> <br>> <br>> 08[LIB] building
 CRED_CERTIFICATE - ANY failed, tried 1 builders<br>
> # strongswan.conf - strongSwan configuration file<br>
> <br>
> charon {<br>
> <br>
>         # number of worker threads in charon<br>
>         threads = 16<br>
> <br>
>         load = aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown<br>
>         # send strongswan vendor ID?<br>
>         # send_vendor_id = yes<br>
> <br>
>         plugins {<br>
> <br>
>                 sql {<br>
>                         # loglevel to log into sql database<br>
>                         loglevel = -1<br>
> <br>
>                         # URI to the database<br>
>                         # database = sqlite:///path/to/file.db<br>
>                         # database = mysql://user:password@localhost/database<br>
>                 }<br>
>         }<br>
> <br>
>         # ...<br>
> }<br>
> <br>
> pluto {<br>
> <br>
> }<br>
> <br>
> libstrongswan {<br>
> <br>
>         #  set to no, the DH exponent size is optimized<br>
>         #  dh_exponent_ansi_x9_42 = no<br>
> }<br>
> ~
                        <br>> <br>> <a rel="nofollow" ymailto="mailto:root@LMU8K" target="_blank" href="mailto:root@LMU8K">root@LMU8K</a>:~# ipsec start --nofork<br>> Starting strongSwan 5.0.4 IPsec [starter]...<br>> !! Your strongswan.conf contains manual plugin load options for charon.<br>> !! This is recommended for experts only, see<br>> !! <a rel="nofollow" target="_blank" href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>> 00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, Linux 3.3.8,<br>> armv5tejl)<br>> 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>> 00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders<br>> 00[CFG]   loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem'<br>> failed<br>> 00[CFG] loading aa certificates
 from '/etc/ipsec.d/aacerts'<br>> 00[CFG]
 loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>> 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>> 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>> 00[CFG] loading secrets from '/etc/ipsec.secrets'<br>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders<br>> 00[CFG]   loading private key from '/etc/ipsec.d/private/lmu56Key.pem'<br>> failed<br>> 00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random<br>> nonce hmac stroke kernel-netlink socket-default updown<br>> 00[JOB] spawning 16 worker threads<br>> charon (2628) started after 80 ms<br>> 08[CFG] received stroke: add connection 'lmu56'<br>> 08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders<br>> 08[CFG]   loading certificate from 'lmu56Cert.pem' failed<br>> 08[CFG] added configuration 'lmu56'<br>> <br>> <br>> <br>> <br>>
 ------------------------------------------------------------------------<br>> *From:* Martin Willi <<a rel="nofollow" ymailto="mailto:martin@strongswan.org" target="_blank" href="mailto:martin@strongswan.org">martin@strongswan.org</a>><br>> *To:* Farid Farid <<a rel="nofollow" ymailto="mailto:farid21657@yahoo.com" target="_blank" href="mailto:farid21657@yahoo.com">farid21657@yahoo.com</a>><br>> *Cc:* "<a rel="nofollow" ymailto="mailto:users@lists.strongswan.org" target="_blank" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>" <<a rel="nofollow" ymailto="mailto:users@lists.strongswan.org" target="_blank" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>><br>> *Sent:* Sunday, July 28, 2013 12:19 AM<br>> *Subject:* Re: [strongSwan] No private key found for 'C=CA ...........'<br>> <br>> Hi Farid,<br>> <br>>> !! Your strongswan.conf contains manual plugin load
 options for charon.<br>>> !! This is recommended for experts only, see<br>>> !! <a rel="nofollow" target="_blank" href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>> <br>> This warning pops up for specific reason:<br>> <br>>> 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 gmp random nonce<br>> hmac stroke kernel-netlink socket-default updown<br>> <br>> You didn't load the pem plugin, hence<br>> <br>>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders<br>>> 00[CFG]  loading private key from '/etc/ipsec.d/private/lmu55Key.pem'<br>> failed<br>> <br>> loading a PEM encoded private key fails.<br>> <br>> Regards<br>> Martin<br>======================================================================<br>Andreas Steffen                 
        <a rel="nofollow" ymailto="mailto:andreas.steffen@strongswan.org" target="_blank" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>strongSwan - the Linux VPN Solution!                www.strongswan.org<br>Institute for Internet Technologies and Applications<br>University of Applied Sciences Rapperswil<br>CH-8640 Rapperswil (Switzerland)<br>===========================================================[ITA-HSR]==<br><br><br></div> </div> </div>  </div></div></div></div> </div> </div>  </div></body></html>