[strongSwan] No private key found for 'C=CA ...........'

Farid Farid farid21657 at yahoo.com
Thu Aug 1 04:35:29 CEST 2013


Thank you, Martin, for the hint.

I added 'pem' in strongswan.conf (you can see strongswan.conf below), but I still get the same output. Please see the 'ipsec start --no-fork' output right after strongswan.conf.
This package is also installed: strongswan-mod-pem - 5.0.4-1

Is there any other way to debug this to see why it is not loading the keys?



Appreciate your help.

Farid



08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
# strongswan.conf - strongSwan configuration file

charon {

        # number of worker threads in charon
        threads = 16
        load = aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
        # send strongswan vendor ID?
        # send_vendor_id = yes

        plugins {

                sql {
                        # loglevel to log into sql database
                        loglevel = -1

                        # URI to the database
                        # database = sqlite:///path/to/file.db
                        # database = mysql://user:password@localhost/database
                }
        }

        # ...
}

pluto {

}

libstrongswan {

        #  set to no, the DH exponent size is optimized
        #  dh_exponent_ansi_x9_42 = no
}

root@LMU8K:~# ipsec start --nofork
Starting strongSwan 5.0.4 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for charon.
!! This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, Linux 3.3.8, armv5tejl)
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders
00[CFG]   loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem' failed
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders
00[CFG]   loading private key from '/etc/ipsec.d/private/lmu56Key.pem' failed
00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
00[JOB] spawning 16 worker threads
charon (2628) started after 80 ms
08[CFG] received stroke: add connection 'lmu56'
08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
08[CFG]   loading certificate from 'lmu56Cert.pem' failed
08[CFG] added configuration 'lmu56'






________________________________
 From: Martin Willi <martin at strongswan.org>
To: Farid Farid <farid21657 at yahoo.com> 
Cc: "users at lists.strongswan.org" <users at lists.strongswan.org> 
Sent: Sunday, July 28, 2013 12:19 AM
Subject: Re: [strongSwan] No private key found for  'C=CA ...........'
 

Hi Farid,

> !! Your strongswan.conf contains manual plugin load options for charon.
> !! This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

This warning pops up for a specific reason:

> 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown

You didn't load the pem plugin, hence

> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders
> 00[CFG]   loading private key from '/etc/ipsec.d/private/lmu55Key.pem' failed

loading a PEM encoded private key fails.

Regards
Martin
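
The diagnosis in this thread comes from reading the "loaded plugins:" line against the "building ... failed, tried N builders" lines. The shell sketch below is an added example, not part of the original messages or of strongSwan; it runs that comparison over a sample constructed from the log lines quoted above, and its function names and verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: triage charon credential-builder failures from a startup log.

# Constructed sample: lines copied from the 'ipsec start --nofork' output above.
sample_log() {
cat <<'EOF'
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 0 builders
00[CFG]   loading ca certificate from '/etc/ipsec.d/cacerts/caCert.pem' failed
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 3 builders
00[CFG]   loading private key from '/etc/ipsec.d/private/lmu56Key.pem' failed
00[DMN] loaded plugins: charon aes pem des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
08[CFG]   loading certificate from 'lmu56Cert.pem' failed
EOF
}

# Print the plugins charon reports as loaded, one per line (log on stdin).
loaded_plugins() {
    sed -n 's/^.*loaded plugins: *//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Succeed if plugin $1 appears in the "loaded plugins:" line (log on stdin).
plugin_loaded() {
    loaded_plugins | grep -qx -- "$1"
}

# Pair each "building ... failed" line with the file named on the next
# "loading ... failed" line. Output: TYPE SUBTYPE TRIED FILE VERDICT
#   no-builder-loaded   : tried 0, nothing loaded registered for this type
#   all-builders-failed : builders were found, every one rejected the input
builder_failures() {
    awk '
    /building CRED_[A-Z_]+ - [A-Z0-9]+ failed, tried [0-9]+ builders/ {
        for (i = 1; i <= NF; i++)
            if ($i == "building") { type = $(i+1); kind = $(i+3); n = $(i+6) }
        pending = 1
        next
    }
    pending && /loading .* from .* failed/ {
        split($0, q, "\047")            # \047 is the single quote around the path
        verdict = (n + 0 == 0) ? "no-builder-loaded" : "all-builders-failed"
        print type, kind, n, q[2], verdict
        pending = 0
    }'
}

sample_log | builder_failures
```
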