[strongSwan] Trying a basic peer to peer ipsec setup with strongswan and is failing due to some key related issue

Martin Willi martin at strongswan.org
Mon Apr 19 18:19:00 CEST 2010


Hi,

> I feel that the message :    id '10.201.114.211' not confirmed by
> certificate, defaulting to 'C=IN, ST=KAR, O=WT, OU=TEV, CN=211,
> E=info at s2-wt.com' could be the culprit but unable to figure out the
> reason.

If you do not explicitly specify a leftid, the left parameter is used as
your local identity. But your certificate does not contain such an
identity as subjectAltName. As this is required, we default to the
included certificate subject in this case. This actually shouldn't hurt,
you can get rid of the warning by setting leftid to this identity.

> ipsec.secrets
> : RSA 211Key.pem "2111"

> ipsec listcerts
>   pubkey:    RSA 1024 bits

If charon would have a private key for your certificate, it would
indicate this with "has private key" in listcerts.
Either your specified private key does not match to your certificate, or
the private key failed to load. Any errors regarding private key loading
during daemon startup?

Regards
Martin






More information about the Users mailing list