[strongSwan] Private key not found
andreas.steffen at strongswan.org
Tue Jun 22 18:58:13 CEST 2010
Our Changelog says:
- The IKEv2 charon daemon supports include files in ipsec.secrets.
So probably charon stops parsing ipsec.secrets due to
the unsupported include statement.
On 22.06.2010 18:50, Shane W wrote:
> I was using Debian strongswan 4.3.2 and Debian has an
> include directive in ipsec.secrets. Taking that out solves
> the problem. Odd that pluto handled that though.
> On Tue, Jun 22, 2010 at 11:49:18AM +0200, Andreas Steffen wrote:
>> Hi Shane,
>> the first output comes from the IKEv1 pluto daemon, which
>> finds the matching private key, whereas the second output
>> is from the IKEv2 charon daemon, which fails to find the
>> private key. If you disable the pluto daemon by setting
>> config setup
>> in ipsec.conf then you won't get these duplicate outputs.
>> Returning to your problem:
>> - Which strongSwan version are you using?
>> - Is your private key encrypted by a password?
>> - Are there any error messages in your log if you type
>> ipsec rereadsecrets
>> 22.06.2010 11:29, Shane W wrote:
>>> Hey all,
>>> I have done some archive searching on this one and previous
>>> issues have either been with ipsec.secrets providing the
>>> right password or key not matching cert issues. However, I
>>> have checked these things and am still getting this
>>> Jun 22 02:10:32 li01 charon: 14[IKE] no private key found
>>> for 'C=CA, ST=British Columbia, O=Continuum Systems,
>>> And yet, an ipsec listcerts shows that the cert has the
>>> private key the first time round but in the endpoint list,
>>> it doesn't. Why is the key being listed twice here?
>>> li01:~# ipsec listcerts
>>> 000 List of X.509 End Certificates:
>>> 000 Jun 22 02:20:59 2010, count: 1
>>> 000 subject: 'C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca'
>>> 000 issuer: 'C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA'
>>> 000 serial: 02
>>> 000 validity: not before Jun 22 02:08:43 2010 ok
>>> 000 not after Jun 19 02:08:43 2020 ok
>>> 000 pubkey: RSA 2048 bits, has private key
>>> 000 keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
>>> 000 subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
>>> 000 authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>>> List of X.509 End Entity Certificates:
>>> subject: "C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca"
>>> issuer: "C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA"
>>> serial: 02
>>> validity: not before Jun 22 02:08:43 2010, ok
>>> not after Jun 19 02:08:43 2020, ok
>>> pubkey: RSA 2048 bits
>>> keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
>>> subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
>>> authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>>> Any help greatly appreciated,
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
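
Added example, not part of the original thread and not strongSwan's own code: a small audit of ipsec.secrets that flags entries placed after an include line, which, following the hypothesis in the reply above, a charon build without include support would never reach. The sample file content, its path and passphrase are constructed, and the stop-at-first-include behaviour is an assumption taken from that hypothesis.

```python
import re

# Constructed sample modelled on the situation in the thread: an include line
# ahead of the locally added RSA key entry. Path and passphrase are made up.
SAMPLE_SECRETS = '''\
# This file holds shared secrets or RSA private keys.
include /etc/ipsec.d/example.secrets.inc
: RSA li01Key.pem "example-passphrase"
'''

# "<selectors> : <TYPE> ..." with the selectors optionally empty.
ENTRY_RE = re.compile(r'^(?P<ids>[^:#]*):\s*(?P<type>[A-Za-z0-9]+)\b')


def audit_secrets(text):
    """Split ipsec.secrets entries into those before and after the first include.

    Assumption (the hypothesis from the thread): a charon build without include
    support stops reading at the first include line, so later entries are lost.
    """
    includes, reachable, skipped = [], [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and indented continuation lines of an entry.
        if not line or line.startswith('#') or raw[:1].isspace():
            continue
        if re.match(r'include\s+\S', line):
            includes.append((lineno, line.split(None, 1)[1]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = (lineno, m.group('type').upper(), m.group('ids').strip())
            (skipped if includes else reachable).append(entry)
    return {'includes': includes, 'reachable': reachable, 'skipped': skipped}


def report(text):
    """Return human-readable findings without echoing any secret values."""
    result = audit_secrets(text)
    lines = [f'line {n}: include {path}' for n, path in result['includes']]
    lines += [f'line {n}: {kind} entry follows an include and may not be loaded'
              for n, kind, _ in result['skipped']]
    return lines


if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_SECRETS)) or 'no include directives found')
```

Run it against a copy of the real file by passing its contents to `report()`; an empty result means no entry sits behind an include line.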