[strongSwan] no private key found and unable to initiate to %any
Daniel Gartmann
daniel.gartmann.sel at gmail.com
Thu Oct 21 11:14:57 CEST 2010
Hi I am trying to setup an ipsec tunnel but I have got some errors
that I couldn't solve.
---------------------------
moon:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# plutodebug=all
crlcheckinterval=180
strictcrlpolicy=no
# cachecrls=yes
# nat_traversal=yes
# charonstart=no
plutostart=no
# Add connections here.
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
#ike=aes128-sha256-modp2048!
#esp=aes128-sha256-modp2048!
left=147.87.107.20
leftsubnet=10.1.0.0/16
leftcert=moonCert.pem
leftid="C=CH,O=BFH, CN=gad"
leftfirewall=yes
conn rw
right=%any
rightsourceip=%dhcp
auto=add
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA moonKey.pem "mypassword"
---------------------------------------------------------------------------
carol:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# plutodebug=all
crlcheckinterval=180
strictcrlpolicy=no
# cachecrls=yes
# nat_traversal=yes
# charonstart=no
plutostart=no
# Add connections here.
# Sample VPN connections
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
#ike=aes128-sha256-modp2048!
#esp=aes128-sha256-modp2048!
conn home
left=147.87.107.19
leftsourceip=%config
leftcert=carolCert.pem
leftid="C=CH, O=BFH, CN=carol"
leftfirewall=yes
right=147.87.107.20
rightsubnet=10.1.0.0/16
rightid="C=CH, O=BFH, CN=gad"
auto=add
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA carolKey.pem "mypassword"
--------------------------------------------------------------
moon error:
[root at moon ~]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.4.0 IPsec [starter]...
[root at moon ~]# ipsec up rw
unable to initiate to %any
carol error:
[root at carol log]# cat /etc/ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA carolKey.pem "daniel"
[root at carol log]# ^C
[root at carol log]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.4.0 IPsec [starter]...
[root at carol log]# ipsec up home
initiating IKE_SA home[1] to 147.87.107.20
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 147.87.107.19[500] to 147.87.107.20[500]
received packet: from 147.87.107.20[500] to 147.87.107.19[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ N(MULT_AUTH) ]
received cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad,
E=gad at bfh.ch"
sending cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad,
E=gad at bfh.ch"
*no private key found* for 'C=CH, ST=Bern, O=BFH, OU=SEL, CN=carol,
E=carol at bfh.ch'
[root at carol log]#
Thank you for your help!
cheers
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101021/70f4acab/attachment.html>
More information about the Users
mailing list