[strongSwan] Upgrade issue
Peter Sagerson
psagers at ignorare.net
Tue Mar 27 19:07:38 CEST 2012
Hallelujah! Predictably, this was a comedy of errors, including syntax changes in ipsec.secrets leading to a line getting lost. Also, mysteriously, strongSwan was unable to parse the private key even when it was trying. Not sure why, as it was fixed by simply washing it through `openvpn rsa` again. I'll see if I can reproduce that one.
Thanks!
On Mar 27, 2012, at 12:36 AM, Tobias Brunner wrote:
> Hi Peter,
>
>> I'm attaching the full control+controlmore logs from both versions in
>> case anyone's interested (IP redacted). A diff shows them effectively
>> identical until after the "full match" lines.
>
> Actually, I think that the problem is caused by an earlier difference in
> the logs:
>
> 4.4.0:
>> loading secrets from "/etc/ipsec.secrets"
>> loaded private key from 'server.key'
>> ...
>> loaded shared key for %any 204.236.190.251
>
> 4.5.2:
>> loading secrets from "/etc/ipsec.secrets"
>> loaded PSK secret for 184.169.244.187 %any
>
> That is, 4.5.2 doesn't load the private key. This is then later the
> cause for pluto to skip the connection even if it is a full match, it's
> simply not able to authenticate itself.
>
> How does your ipsec.secrets file look like? Is there a difference
> between the two? Check the man page or our wiki [1] to make sure the
> syntax is valid.
>
> Regards,
> Tobias
>
> [1] http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets
>
More information about the Users
mailing list