[strongSwan] Cert question
Gary Smith
gary.smith at holdstead.com
Thu Feb 24 18:25:21 CET 2011
> > I think I'm a little confused as to where the keys need to go. Do I
> > need to export the cert (without key) and dump it into
> > /etc/ipsec.d/certs and export the key separately and dump it into
> > /etc/ipsec.d/private?
> >
> Yes, this is correct!
>
Andreas,
So I exported the cert/key separately and now ipsec certlists shows that the private key is included. Now when I run the ipsec up connname it appears to be doing the negotiation but dies with the error listed below:
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin
Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin
Feb 24 08:52:47 hslinvpn01 charon: 14[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(EAP_ONLY) ]
Feb 24 08:52:47 hslinvpn01 charon: 14[NET] sending packet: from
Feb 24 08:52:47 hslinvpn01 charon: 15[NET] received packet: from
Feb 24 08:52:47 hslinvpn01 charon: 15[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Feb 24 08:52:47 hslinvpn01 charon: 15[IKE] received AUTHENTICATION_FAILED notify error
Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] received stroke: terminate 'fre-lin'
Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] no IKE_SA named 'fre-lin' found