[strongSwan] building CRED_CERTIFICATE - TRUSTED_PUBKEY failed
Marcelo Barbudas
nostef at gmail.com
Fri Nov 15 05:25:29 CET 2013
I used openssl x509 -pubkey -noout -in clientCert.pem > clientPubKey.pem and then loaded the pub key.
Now it's working:
Nov 15 04:22:17 ip-10-195-82-145 charon: 09[CFG] loaded RSA public key for "C=CH, O=strongSwan, CN=client" from 'clientPubKey.pem'
Nov 15 04:22:17 ip-10-195-82-145 charon: 09[CFG] loaded RSA public key for "%any" from 'clientPubKey.pem'
However when trying to connect I still get:
Nov 15 04:22:34 ip-10-195-82-145 charon: 12[IKE] ignoring certificate request without data
Nov 15 04:22:34 ip-10-195-82-145 charon: 12[IKE] received end entity cert "C=CH, O=strongSwan, CN=client"
Nov 15 04:22:34 ip-10-195-82-145 charon: 12[CFG] looking for RSA signature peer configs matching 10.195.82.145...199.188.195.215[C=CH, O=strongSwan, CN=client]
Nov 15 04:22:34 ip-10-195-82-145 charon: 12[IKE] no peer config found
-M
On Thu, Nov 14, 2013 at 8:18 PM, Marcelo Barbudas <nostef at gmail.com> wrote:
> Hi.
>
> I have the following setup:
>
> conn ios
> keyexchange=ikev1
> left=%defaultroute
> leftallowany=yes
> leftfirewall=yes
> leftcert=serverCert.pem
> leftsubnet=192.168.21.0/24
> leftauth=rsa
> right="C=CH, O=strongSwan, CN=client"
> rightid="C=CH, O=strongSwan, CN=client"
> rightcert=clientCert.pem
> rightrsasigkey=clientCert.pem
> rightauth=rsa
> rightauth2=xauth-noauth
> rightsourceip=192.168.22.0/24
> auto=add
>
> When starting strongswan I can see:
>
> Nov 15 04:12:13 ip-10-195-82-145 charon: 09[CFG] loaded certificate
> "C=CH, O=strongSwan, CN=client" from 'clientCert.pem'
>
> Nov 15 04:12:13 ip-10-195-82-145 charon: 09[LIB] building
> CRED_CERTIFICATE - TRUSTED_PUBKEY failed, tried 3 builders
>
> Nov 15 04:12:13 ip-10-195-82-145 charon: 09[CFG] loading public key
> for "C=CH, O=strongSwan, CN=client" from 'clientCert.pem' failed
>
> Nov 15 04:12:13 ip-10-195-82-145 charon: 09[LIB] building
> CRED_CERTIFICATE - TRUSTED_PUBKEY failed, tried 3 builders
>
> Nov 15 04:12:13 ip-10-195-82-145 charon: 09[CFG] loading public key
> for "%any" from 'clientCert.pem' failed
>
> What am I doing wrong? This is causing down the line an issue where I
> get looking for RSA sigs and peer config not found.
>
> -M.
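
A pre-flight check for the load failure shown in this thread, as an added example that is not part of the original posts or of strongSwan: it reads the PEM label of every file named by a `*rsasigkey=` option and flags the ones that are certificates, which is the case the "building CRED_CERTIFICATE - TRUSTED_PUBKEY failed" lines report. The function names, the `CERTDIR` argument, the `pubkey.pem` output name and the fixture contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Fixture PEM bodies are constructed placeholders, not real keys.

# Print the label of the first PEM BEGIN line in FILE ("CERTIFICATE",
# "PUBLIC KEY", ...) or "unknown" for DER, missing or non-PEM files.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${label:-unknown}"
}

# Report every *rsasigkey= file in CONF; return 1 if any is an X.509 certificate.
# CERTDIR (assumption) is the directory relative file names are resolved against.
check_rsasigkey() {
    conf=$1; certdir=$2; bad=0
    entries=$(sed -n 's/[[:space:]]*$//; s/^[[:space:]]*\([a-z]*rsasigkey\)[[:space:]]*=[[:space:]]*/\1=/p' "$conf")
    while IFS='=' read -r key value; do
        value=${value#\"}; value=${value%\"}
        case $value in
            ''|%*|0x*|0s*) continue ;;   # keyword or inline key, not a file name
            /*) path=$value ;;
            *)  path=$certdir/$value ;;
        esac
        kind=$(pem_kind "$path")
        if [ "$kind" = "CERTIFICATE" ]; then
            bad=1
            printf '%s=%s: certificate, not a public key; extract it with:\n' "$key" "$value"
            # pubkey.pem is a hypothetical output name
            printf '  openssl x509 -pubkey -noout -in %s > pubkey.pem\n' "$path"
        else
            printf '%s=%s: %s\n' "$key" "$value" "$kind"
        fi
    done <<EOF
$entries
EOF
    return "$bad"
}

# Build a constructed config plus stub PEM files under DIR; KEYFILE is the
# value written to rightrsasigkey=.
make_fixture() {
    mkdir -p "$1/certs"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$1/certs/clientCert.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PUBLIC KEY-----' > "$1/certs/clientPubKey.pem"
    printf '%s\n' 'conn ios' '    rightcert=clientCert.pem' "    rightrsasigkey=$2" > "$1/ipsec.conf"
}
```

Against a real installation, call `check_rsasigkey` with the path to ipsec.conf and the certificate directory; it only inspects the PEM label, so it does not validate the key material itself.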