[strongSwan] Question regarding smartcard configuration

Tobias Brunner tobias at strongswan.org
Tue Dec 22 08:45:49 CET 2015

Hi Marian,

> Dec 21 23:17:46 13[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
> Dec 21 23:17:46 13[LIB] engine 'opensc' is not available

This message is logged by the openssl plugin, not the pkcs11 plugin.
You should check the beginning of the log, is the plugin loaded and the
opensc module initialized properly?  The plugin should also load the
certificates from the token, which you should see in `ipsec listcerts`.

> 2. Which key ID I have to use in ipsec.secrets ?

The CKA_ID of the private key:

> Private RSA Key [Marian Thieme AUT 10]
> ...
> 	ID             : 1234567890abcdef123456789abcdef123456789
> ...


More information about the Users mailing list