[strongSwan] Upgrade issue

Peter Sagerson psagers at ignorare.net
Tue Mar 27 19:07:38 CEST 2012


Hallelujah! Predictably, this was a comedy of errors, including syntax changes in ipsec.secrets leading to a line getting lost. Also, mysteriously, strongSwan was unable to parse the private key even when it was trying. Not sure why, as it was fixed by simply washing it through `openvpn rsa` again. I'll see if I can reproduce that one.

Thanks!


On Mar 27, 2012, at 12:36 AM, Tobias Brunner wrote:

> Hi Peter,
> 
>> I'm attaching the full control+controlmore logs from both versions in
>> case anyone's interested (IP redacted). A diff shows them effectively
>> identical until after the "full match" lines.
> 
> Actually, I think that the problem is caused by an earlier difference in
> the logs:
> 
> 4.4.0:
>> loading secrets from "/etc/ipsec.secrets"
>>  loaded private key from 'server.key'
>>  ...
>>  loaded shared key for %any 204.236.190.251
> 
> 4.5.2:
>> loading secrets from "/etc/ipsec.secrets"
>>  loaded PSK secret for 184.169.244.187 %any
> 
> That is, 4.5.2 doesn't load the private key.  This is then later the
> cause for pluto to skip the connection even if it is a full match, it's
> simply not able to authenticate itself.
> 
> How does your ipsec.secrets file look like?  Is there a difference
> between the two?  Check the man page or our wiki [1] to make sure the
> syntax is valid.
> 
> Regards,
> Tobias
> 
> [1] http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets
> 





More information about the Users mailing list