[strongSwan] no private key found and unable to initiate to %any
Andreas Steffen
andreas.steffen at strongswan.org
Thu Oct 21 14:09:59 CEST 2010
Hello Daniel,

either your private key does not match the public key in Carol's
certificate or the private key could not be loaded.

- does ipsec listcerts show Carol's certificate with the comment:
  ..., has private key ?
- does ipsec rereadsecrets write any error messages into the log file?

Regards

Andreas

On 21.10.2010 11:14, Daniel Gartmann wrote:
> Hi, I am trying to set up an ipsec tunnel but I have got some errors that
> I couldn't solve.
>
> ---------------------------
>
> moon:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
>     # plutodebug=all
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     # cachecrls=yes
>     # nat_traversal=yes
>     # charonstart=no
>     plutostart=no
>
> # Add connections here.
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     #ike=aes128-sha256-modp2048!
>     #esp=aes128-sha256-modp2048!
>     left=147.87.107.20
>     leftsubnet=10.1.0.0/16
>     leftcert=moonCert.pem
>     leftid="C=CH,O=BFH, CN=gad"
>     leftfirewall=yes
>
> conn rw
>     right=%any
>     rightsourceip=%dhcp
>     auto=add
>
>
>
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> : RSA moonKey.pem "mypassword"
>
> ---------------------------------------------------------------------------
>
> carol:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
>     # plutodebug=all
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     # cachecrls=yes
>     # nat_traversal=yes
>     # charonstart=no
>     plutostart=no
>
> # Add connections here.
>
> # Sample VPN connections
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     #ike=aes128-sha256-modp2048!
>     #esp=aes128-sha256-modp2048!
>
>
> conn home
>     left=147.87.107.19
>     leftsourceip=%config
>     leftcert=carolCert.pem
>     leftid="C=CH, O=BFH, CN=carol"
>     leftfirewall=yes
>     right=147.87.107.20
>     rightsubnet=10.1.0.0/16
>     rightid="C=CH, O=BFH, CN=gad"
>     auto=add
>
>
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> : RSA carolKey.pem "mypassword"
>
> --------------------------------------------------------------
>
> moon error:
>
> [root at moon ~]# ipsec restart
> Stopping strongSwan IPsec...
> Starting strongSwan 4.4.0 IPsec [starter]...
> [root at moon ~]# ipsec up rw
> unable to initiate to %any
>
>
> carol error:
>
> [root at carol log]# cat /etc/ipsec.secrets
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> : RSA carolKey.pem "daniel"
> [root at carol log]# ^C
> [root at carol log]# ipsec restart
> Stopping strongSwan IPsec...
> Starting strongSwan 4.4.0 IPsec [starter]...
> [root at carol log]# ipsec up home
> initiating IKE_SA home[1] to 147.87.107.20
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 147.87.107.19[500] to 147.87.107.20[500]
> received packet: from 147.87.107.20[500] to 147.87.107.19[500]
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
> CERTREQ N(MULT_AUTH) ]
> received cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad,
> E=gad at bfh.ch"
> sending cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad,
> E=gad at bfh.ch"
> *no private key found* for 'C=CH, ST=Bern, O=BFH, OU=SEL, CN=carol,
> E=carol at bfh.ch'
> [root at carol log]#
>
> Thank you for your help!
>
> cheers
>
> Daniel
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
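
Added example, not part of the original mailing-list messages: a shell function that tests offline for the two causes named in the reply above, a private key that cannot be loaded and a private key that does not match the certificate. The function names, the KEYPASS variable, the return codes, and the generated files and passphrases are assumptions constructed for the demo.

```sh
#!/bin/sh
# check_key_pair CERT KEY
# The passphrase is taken from the KEYPASS variable and handed to openssl
# through the environment, so it never shows up in the process list.
# Returns: 0 = key matches the certificate
#          1 = key loads but belongs to a different certificate
#          2 = key could not be loaded (wrong passphrase, damaged file)
#          3 = certificate could not be read
check_key_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(KEYPASS="${KEYPASS-}" openssl pkey -in "$2" \
        -passin env:KEYPASS -pubout 2>/dev/null) || return 2
    # Both commands print the SubjectPublicKeyInfo in PEM form.
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# demo: builds constructed test material in a temp directory and prints the
# return code for three cases: right passphrase, wrong passphrase, wrong key.
demo() {
    d=$(mktemp -d) || return 1
    KEYPASS=correct-pass openssl genrsa -aes128 -passout env:KEYPASS \
        -out "$d/carolKey.pem" 2048 2>/dev/null
    KEYPASS=correct-pass openssl req -new -x509 -key "$d/carolKey.pem" \
        -passin env:KEYPASS -subj "/C=CH/O=BFH/CN=carol" -days 1 \
        -out "$d/carolCert.pem" 2>/dev/null
    openssl genrsa -out "$d/otherKey.pem" 2048 2>/dev/null
    out=""
    for t in "correct-pass:carolKey.pem" "wrong-pass:carolKey.pem" \
             ":otherKey.pem"; do
        KEYPASS=${t%%:*}          # passphrase part of the test case
        rc=0
        check_key_pair "$d/carolCert.pem" "$d/${t#*:}" || rc=$?
        out="$out$rc "
    done
    rm -rf "$d"
    echo "${out% }"               # prints "0 2 1"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A return code of 2 or 1 corresponds to the first and second question in the reply being answered with "no": the key was never loaded, or it was loaded but is not the one certified.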