[strongSwan] need help for host2host-cert setup

Andreas Steffen andreas.steffen at strongswan.org
Thu Mar 25 09:32:21 CET 2010


Hi,

could it be that you are using a leftid=@plm56.in.ibm.com
which is not contained as a subjectAltName in your certificate
newcert.pem?

Regards

Andreas

On 25.03.2010 06:22, Abbhishek Misra wrote:
> Thanks for a quick reply, Andreas. It is able to read the secret as shown
> below but does not list it.
>
> There is nothing in  /var/log/messages related to  listing secrets
>
> plm56:~/abhishek # ipsec rereadsecrets
> plm56:~/abhishek #
> plm56:~/abhishek # tail  /var/log/messages
> Mar 25 05:00:03 plm56 su: (to nobody) root on none
> Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session opened
> for user nobody by (uid=0)
> Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session closed
> for user nobody
> Mar 25 05:00:03 plm56 su: (to nobody) root on none
> Mar 25 05:00:03 plm56 su: pam_unix_session(su:session): session opened
> for user nobody by (uid=0)
> Mar 25 05:00:17 plm56 su: pam_unix_session(su:session): session closed
> for user nobody
> Mar 25 05:00:18 plm56 /usr/sbin/cron[4251]:
> pam_unix_session(crond:session): session closed for user root
> Mar 25 05:11:37 plm56 charon: 16[CFG] rereading secrets
> Mar 25 05:11:37 plm56 charon: 16[CFG] loading secrets from '/etc/ipsec.secrets'
> Mar 25 05:11:37 plm56 charon: 16[CFG]   loaded private key file
> '/etc/ipsec.d/private/newkey.pem'
> plm56:~/abhishek #
>
>
> On Wed, Mar 24, 2010 at 7:07 PM, Andreas Steffen
> <andreas.steffen at strongswan.org>  wrote:
>> Execute
>>
>>    ipsec rereadsecrets
>>
>> and look for error messages in the log. It might be that your passphrase
>> is not correct.
>>
>>    ipsec listcerts
>>
>> should show your certificate with the comment
>>
>>    .., has private key
>>
>> Best regards
>>
>> Andreas
>>
>> On 24.03.2010 14:01, Abbhishek Misra wrote:
>>>    Hello All,
>>>
>>>    I'm trying to set up the host2host-cert example but very basic steps are
>>>    not going through.
>>>
>>>
>>>    plm56:~/abhishek # ipsec up host-host
>>>    initiating IKE_SA host-host[1] to 9.182.176.61
>>>    generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) (NATD_D_IP) ]
>>>    sending packet: from 9.182.176.56[500] to 9.182.176.61[500]
>>>    received packet: from 9.182.176.61[500] to 9.182.176.56[500]
>>>    parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) (NATD_D_IP)
>>>    N(MULT_AUTH) ]
>>>    no private key found for 'plm56.in.ibm.com'
>>>    plm56:~/abhishek #
>>>
>>>
>>>    I have used all conf files as mentioned in the example
>>>
>>>    ipsec listcerts is not showing my certificates that I generated using
>>>    this doc http://www.ipsec-howto.org/x595.html
>>>
>>>    This is how my secrets file looks
>>>
>>>           plm56:~/abhishek # cat /etc/ipsec.secrets
>>>           # /etc/ipsec.secrets - strongSwan IPsec secrets file
>>>           : RSA newkey.pem "abhishek"
>>>
>>>
>>>    following is my dir listing                  http://pastebin.com/PZUgn6zQ
>>>
>>>    this is my /etc/ssl/openssl.cnf          http://pastebin.com/w3v2zymm
>>>
>>>    I have gone through
>>>    https://lists.strongswan.org/pipermail/users/2009-August/003771.html
>>>    and verified modulus for newcert.pem and newkey.pem
>>>
>>>    Please take a look at these and let me know what more should I do to
>>>    get through.
>>>
>>>
>>>    regards
>>>    Abhishek Misra

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
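
One way to run the check raised in the reply at the top of this thread, namely whether the configured leftid is present as a subjectAltName in the certificate. This is an added example, not code from the thread or from strongSwan. The function names, the simplified mapping from ID syntax to SAN type, and the sample certificate text are assumptions constructed for illustration.

```shell
# Added example: does an ipsec.conf leftid appear as a subjectAltName?
# Input on stdin is the text printed by `openssl x509 -noout -text`.

# Print one "TYPE:value" line per subjectAltName entry.
list_sans() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            sub(/^[ \t]+/, "")
            sub(/[ \t\r]+$/, "")
            n = split($0, parts, /, */)
            for (i = 1; i <= n; i++) print parts[i]
            exit
        }'
}

# Succeed if the identity in $1 is listed in the SAN read from stdin.
# Assumed, simplified mapping of ID syntax to SAN type:
#   @fqdn -> DNS, user@host -> email, anything else -> IP Address.
# DN-style IDs (containing "=") match the subject, not the SAN, so they
# are reported as not found here.
san_has_id() {
    case $1 in
        *=*) return 1 ;;
        @*)  want="DNS:${1#@}" ;;
        *@*) want="email:$1" ;;
        *)   want="IP Address:$1" ;;
    esac
    list_sans | grep -i -x -F -- "$want" >/dev/null
}

# Constructed sample inputs (abridged openssl text output, not real certs).
CERT_WITH_SAN='        Subject: C=XX, O=Example, CN=plm56.in.ibm.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:plm56.in.ibm.com, IP Address:9.182.176.56'
CERT_NO_SAN='        Subject: C=XX, O=Example, CN=plm56.in.ibm.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE'

for id in @plm56.in.ibm.com 9.182.176.56 @other.example.org; do
    if printf '%s\n' "$CERT_WITH_SAN" | san_has_id "$id"; then
        echo "with SAN: $id found"
    else
        echo "with SAN: $id MISSING"
    fi
done
```

Against a real certificate, pipe the output of `openssl x509 -in newcert.pem -noout -text` into `san_has_id @plm56.in.ibm.com`. A certificate that carries the hostname only in the subject CN, like the second constructed sample, fails the check.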



