[strongSwan] Trying a basic peer to peer ipsec setup with strongswan and is failing due to some key related issue

shyamsundar.purkayastha at wipro.com shyamsundar.purkayastha at wipro.com
Mon Apr 19 18:22:52 CEST 2010


Ok 

How can I see explicit logs related to charon startup ?

During ipsec start I did not see and errors.

Regards
Shyam
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: Monday, April 19, 2010 9:49 PM
To: Shyamsundar Purkayastha (WT01 - Telecom Equipment)
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Trying a basic peer to peer ipsec setup with strongswan and is failing due to some key related issue

Hi,

> I feel that the message :    id '10.201.114.211' not confirmed by
> certificate, defaulting to 'C=IN, ST=KAR, O=WT, OU=TEV, CN=211,
> E=info at s2-wt.com' could be the culprit but unable to figure out the
> reason.

If you do not explicitly specify a leftid, the left parameter is used as
your local identity. But your certificate does not contain such an
identity as subjectAltName. As this is required, we default to the
included certificate subject in this case. This actually shouldn't hurt,
you can get rid of the warning by setting leftid to this identity.

> ipsec.secrets
> : RSA 211Key.pem "2111"

> ipsec listcerts
>   pubkey:    RSA 1024 bits

If charon would have a private key for your certificate, it would
indicate this with "has private key" in listcerts.
Either your specified private key does not match to your certificate, or
the private key failed to load. Any errors regarding private key loading
during daemon startup?

Regards
Martin



Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com


More information about the Users mailing list