[strongSwan] expected record boundary in key
Turbo Fredriksson
turbo at bayour.com
Tue Feb 7 15:44:41 CET 2012
I'm trying to set up the usage of certificates etc. with strongSwan, but
there might be something I've missed.
I have had my own CA for many years, generating working certificates
for a bunch of services (ldaps, https, etc.).
When I try to add 'leftcert', I can no longer use PSK.
conn %default
	...
	leftcert=host_domain_tld.pem
	leftid=@host.domain.tld
This gives me the following in the logs:
Feb 7 15:35:20 192.168.69.1 pluto[3398]: id 'host.domain.tld' not
confirmed by certificate, defaulting to 'C=SE, O=Bayour.COM, OU=System,
CN=host.domain.tld, E=turbo at bayour.com'
and if removing the leftid:
Feb 7 15:36:28 192.168.69.1 pluto[3466]: id '%any' not confirmed
by certificate, defaulting to 'C=SE, O=Bayour.COM, OU=System,
CN=host.domain.tld, E=turbo at bayour.com'
Fair enough. Doesn't really matter that much, but what should I write in
the ipsec.secrets file?
"C=SE, O=Bayour.COM, OU=System, CN=host.domain.tld,
E=turbo at bayour.com" <A_RIGHTID_IP> : PSK "SomESecReet"
"C=SE, O=Bayour.COM, OU=System, CN=host.domain.tld,
E=turbo at bayour.com" %any : PSK "aNothEERseCreT"
gives me:
Feb 7 15:38:18 192.168.69.1 pluto[3545]: loading secrets from
"/var/lib/strongswan/ipsec.secrets.inc"
Feb 7 15:38:18 192.168.69.1 pluto[3545]: loaded PSK secret for
%any
Feb 7 15:38:18 192.168.69.1 pluto[3545]:
"/var/lib/strongswan/ipsec.secrets.inc" line 1: expected record boundary
in key
Feb 7 15:38:18 192.168.69.1 pluto[3545]: loaded PSK secret for
%any
Feb 7 15:38:18 192.168.69.1 pluto[3545]:
"/var/lib/strongswan/ipsec.secrets.inc" line 2: expected record boundary
in key
Using my own, external IP instead of the cert path works, but I have a
dynamic IP, so I prefer not to use that (complicates things :).