[strongSwan] Issues when loading rsa private key

Andreas Steffen andreas.steffen at strongswan.org
Sat Apr 5 10:39:09 CEST 2014


Hi Sam,

your RSA private key is ok, although you should use
a modulus size of 2048 bits. Your 256 bit key is
ridiculously weak and might not even be accepted by the
IPsec peer.

Most probably there is a syntax error in /etc/ipsec.secrets
where you try to load the private key from ssl_r.pem. Could
you post your ipsec.secrets file?

Best regards

Andreas

On 04.04.2014 23:47, Sameer Agrawal wrote:
> Hi
> 
> I am using strongswan-4.5.2 and seeing an issue with loading the RSA
> private key when I try to establish a site-to-site connection.
> I tried both "openssl" and the "ipsec pki" tool; however, I am seeing the
> following error when loading the key.
> 
> Using OPENSSL
> ==============
> openssl genrsa -out ssl_r.pem 256
> 
> Key generated -> ssl_r.pem file
> =================================
> -----BEGIN RSA PRIVATE KEY-----
> MIGqAgEAAiEAyrDMmSXhTCAbJp1tqwtpDvRVB/MbbEOqdBNJirWuE4UCAwEAAQIg
> bxxYLCP9y1NWTubB9Z+9qMCk43rykSB7IbuopABJ0wkCEQD0Ef/I1/d0QugkG9ur
> 1yTfAhEA1JkGUEWfOr68YkG88PjQGwIQbIl0jgQ8bt8yDJy223wZUQIQUflnO9B8
> ozQkg2aBqhDmfQIRANkGT4FW29x0nWvyLn8Kxx0=
> -----END RSA PRIVATE KEY-----
> 
> 
> Error message from pluto src code:
> ===========================
> loading secrets from "ssl_r.pem"
> line 2: unexpected end of id list
> line 3: unexpected end of id list
> line 4: unexpected end of id list
> line 5: unexpected end of id list
> line 6: unexpected end of id list
> line 6: unexpected end of id list
> ...
> and finally, ike alg: unable to retrieve my private key.
> 
> 
> I faced a similar issue when using the "ipsec pki" tool too. Can you please
> let me know what I can do so that the secret key is loaded correctly?
> 
> Thanks
> Sam

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
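
The two observations in the reply above (the posted key is well formed, but its modulus is only 256 bits) can be checked offline by parsing the PKCS#1 structure. This Python sketch is an added example, not part of the original thread or of strongSwan; the function names and the `MIN_BITS` constant are this example's own, with the threshold taken from the reply's 2048-bit recommendation.

```python
import base64
import re
MIN_BITS = 2048  # modulus size recommended in the reply (example constant)
# Key exactly as posted in the quoted message (openssl genrsa ... 256).
PEM_FROM_POST = """-----BEGIN RSA PRIVATE KEY-----
MIGqAgEAAiEAyrDMmSXhTCAbJp1tqwtpDvRVB/MbbEOqdBNJirWuE4UCAwEAAQIg
bxxYLCP9y1NWTubB9Z+9qMCk43rykSB7IbuopABJ0wkCEQD0Ef/I1/d0QugkG9ur
1yTfAhEA1JkGUEWfOr68YkG88PjQGwIQbIl0jgQ8bt8yDJy223wZUQIQUflnO9B8
ozQkg2aBqhDmfQIRANkGT4FW29x0nWvyLn8Kxx0=
-----END RSA PRIVATE KEY-----
"""
PEM_RE = re.compile(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", re.S)

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem):
    """Parse an unencrypted PKCS#1 RSA private key; return modulus bits."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no RSA PRIVATE KEY block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a single SEQUENCE")
    fields, pos = [], 0
    while pos < len(seq):
        tag, value, pos = _read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER fields only")
        fields.append(int.from_bytes(value, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("not a two-prime RSAPrivateKey")
    if fields[4] * fields[5] != fields[1]:  # prime1 * prime2 == modulus
        raise ValueError("modulus does not match the primes")
    return fields[1].bit_length()

def meets_minimum(pem):
    return rsa_modulus_bits(pem) >= MIN_BITS
```

Run against the posted key, the parser accepts the structure and reports a 256-bit modulus, so `meets_minimum` rejects it.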
