<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hi Andreas,</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;"><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;"><span>Thank you so much. It is working now!! :) </span></div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;">Cheers,</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;">Farid</div><div style="color: rgb(0, 0,
0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;"><br></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font size="2" face="Arial"> <b><span style="font-weight:bold;">From:</span></b> Andreas Steffen &lt;andreas.steffen@strongswan.org&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Farid Farid &lt;farid21657@yahoo.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> Martin Willi &lt;martin@strongswan.org&gt;; "users@lists.strongswan.org" &lt;users@lists.strongswan.org&gt; <br> <b><span style="font-weight:
bold;">Sent:</span></b> Wednesday, July 31, 2013 11:37 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] No private key found for 'C=CA ...........'<br> </font> </div> <div class="y_msg_container"><br>Hi Farid,<br><br>the startup warning<br><br>> !! Your strongswan.conf contains manual plugin load options for charon.<br>> !! This is recommended for experts only, see<br>> !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br><br>is intended for newbies like you who don't know what they are doing<br>when meddling around with the strongswan.conf load statement:<br><br>- The pkcs1 plugin is missing so your private key won't get parsed:<br><br>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders<br>> 00[CFG] loading private key from '/etc/ipsec.d/private/lmu56Key.pem'<br>>
failed<br><br>- The x509 plugin is missing so your certificates don't get parsed:<br><br>> 00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders<br>> 00[CFG] loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem'<br>> failed<br><br>Just remove the load statement from strongswan.conf and you'll fare<br>much better!<br><br>Andreas<br><br>On 08/01/2013 04:35 AM, Farid Farid wrote:<br>> Thank you Martin for the hint.<br>> <br>> I added 'pem' in strongswan.conf (you can see strongswan.conf below): <br>> But I still get the same output. Please see the<br>>>>ipsec start --no-fork output right after strongswan.conf<br>> This package is also installed: strongswan-mod-pem - 5.0.4-1<br>> <br>> Is there any other way to debug this to see why it is not loading the keys? <br>> <br>> <br>> <br>> Appreciate your help.<br>> <br>> Farid<br>> <br>> <br>> <br>> 08[LIB] building
CRED_CERTIFICATE - ANY failed, tried 1 builders
<br>> # strongswan.conf - strongSwan configuration file
<br>> 
<br>> charon {
<br>> 
<br>>   # number of worker threads in charon
<br>>   threads = 16
<br>> 
<br>>   load = aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
<br>>   # send strongswan vendor ID?
<br>>   # send_vendor_id = yes
<br>> 
<br>>   plugins {
<br>> 
<br>>     sql {
<br>>       # loglevel to log into sql database
<br>>       loglevel = -1
<br>> 
<br>>       # URI to the database
<br>>       # database = sqlite:///path/to/file.db
<br>>       # database = mysql://user:password@localhost/database
<br>>     }
<br>>   }
<br>> 
<br>>   # ...
<br>> }
<br>> 
<br>> pluto {
<br>> 
<br>> }
<br>> 
<br>> libstrongswan {
<br>> 
<br>>   # set to no, the DH exponent size is optimized
<br>>   # dh_exponent_ansi_x9_42 = no
<br>> }
<br>> ~
<br>> <br>> root@LMU8K:~# ipsec start --nofork<br>> Starting strongSwan 5.0.4 IPsec [starter]...<br>> !! Your strongswan.conf contains manual plugin load options for charon.<br>> !! This is recommended for experts only, see<br>> !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>> 00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, Linux 3.3.8,<br>> armv5tejl)<br>> 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>> 00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders<br>> 00[CFG] loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem'<br>> failed<br>> 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<br>> 00[CFG]
loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>> 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>> 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>> 00[CFG] loading secrets from '/etc/ipsec.secrets'<br>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders<br>> 00[CFG] loading private key from '/etc/ipsec.d/private/lmu56Key.pem'<br>> failed<br>> 00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random<br>> nonce hmac stroke kernel-netlink socket-default updown<br>> 00[JOB] spawning 16 worker threads<br>> charon (2628) started after 80 ms<br>> 08[CFG] received stroke: add connection 'lmu56'<br>> 08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders<br>> 08[CFG] loading certificate from 'lmu56Cert.pem' failed<br>> 08[CFG] added configuration 'lmu56'<br>> <br>> <br>> <br>> <br>>
------------------------------------------------------------------------<br>> *From:* Martin Willi <<a ymailto="mailto:martin@strongswan.org" href="mailto:martin@strongswan.org">martin@strongswan.org</a>><br>> *To:* Farid Farid <<a ymailto="mailto:farid21657@yahoo.com" href="mailto:farid21657@yahoo.com">farid21657@yahoo.com</a>><br>> *Cc:* "<a ymailto="mailto:users@lists.strongswan.org" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>" <<a ymailto="mailto:users@lists.strongswan.org" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>><br>> *Sent:* Sunday, July 28, 2013 12:19 AM<br>> *Subject:* Re: [strongSwan] No private key found for 'C=CA ...........'<br>> <br>> Hi Farid,<br>> <br>>> !! Your strongswan.conf contains manual plugin load options for charon.<br>>> !! This is recommended for experts only, see<br>>> !! <a
href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>> <br>> This warning pops up for specific reason:<br>> <br>>> 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 gmp random nonce<br>> hmac stroke kernel-netlink socket-default updown<br>> <br>> You didn't load the pem plugin, hence<br>> <br>>> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders<br>>> 00[CFG] loading private key from '/etc/ipsec.d/private/lmu55Key.pem'<br>> failed<br>> <br>> loading a PEM encoded private key fails.<br>> <br>> Regards<br>> Martin<br>======================================================================<br>Andreas Steffen <a ymailto="mailto:andreas.steffen@strongswan.org"
href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>strongSwan - the Linux VPN Solution! www.strongswan.org<br>Institute for Internet Technologies and Applications<br>University of Applied Sciences Rapperswil<br>CH-8640 Rapperswil (Switzerland)<br>===========================================================[ITA-HSR]==<br><br><br></div> </div> </div> </div></body></html>
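The diagnosis given in the replies above, as an added example (not part of the thread and not strongSwan code): it pairs each `building CRED_... failed` line with the file that then failed to load and reports which of the plugins named in the replies (pem, pkcs1, x509) are absent from the `loaded plugins:` line. The log is constructed from the lines quoted in the thread with the mail-client line wraps removed; the `REQUIRED` table and the function name are assumptions of this example.

```python
import re

# Plugins the replies in this thread name as needed per credential type
# (assumption: only what the thread states; the files here are PEM encoded).
REQUIRED = {
    "CRED_PRIVATE_KEY": ("pem", "pkcs1"),
    "CRED_CERTIFICATE": ("pem", "x509"),
}

FAIL_RE = re.compile(r"\[LIB\] building (CRED_\w+) - \w+ failed, tried \d+ builders")
FILE_RE = re.compile(r"\[CFG\] loading .+? from '([^']+)'")
LOADED_RE = re.compile(r"loaded plugins:\s*(.+)$")

# Constructed sample: charon startup lines as quoted in the thread, unwrapped.
SAMPLE_LOG = """\
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders
00[CFG] loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem' failed
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders
00[CFG] loading private key from '/etc/ipsec.d/private/lmu56Key.pem' failed
00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
"""

def diagnose(log_text):
    """Return [(file, credential_type, [missing plugins])] for each failed load."""
    lines = log_text.splitlines()
    loaded = set()
    for line in lines:  # the plugin list is logged after the failures
        m = LOADED_RE.search(line)
        if m:
            loaded = set(m.group(1).split()) - {"charon"}  # first token is the daemon
    findings, pending = [], None
    for line in lines:
        fail = FAIL_RE.search(line)
        if fail:
            pending = fail.group(1)  # the next [CFG] line names the file
            continue
        path = FILE_RE.search(line)
        if path and pending:
            missing = [p for p in REQUIRED.get(pending, ()) if p not in loaded]
            findings.append((path.group(1), pending, missing))
        if path:
            pending = None
    return findings

if __name__ == "__main__":
    for path, cred, missing in diagnose(SAMPLE_LOG):
        print(f"{path}: {cred} not parsed; not loaded: {', '.join(missing) or 'none'}")
```
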