[strongSwan] Reg : No private key found

Sindhu S. (sins) sins at cisco.com
Thu Oct 29 07:11:51 CET 2015


Can someone help me with this?

Regards,
Sindhu

From: Sindhu S. (sins)
Sent: Wednesday, October 28, 2015 7:07 PM
To: users at lists.strongswan.org
Subject: Reg : No private key found


Hi all,
I'm getting the error "no private key found".
The private key was loaded successfully. Below are the details.
Please let me know what the issue is.

Logs:
Oct 28 12:09:57 00[CFG]   loaded RSA private key from '/home/ipsec/snbi_new/snbi/snbiFe/bin/./private.pem'


Oct 28 12:19:09 05[IKE] received cert request for "N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186"
Oct 28 12:19:09 05[IKE] reinitiating already active tasks
Oct 28 12:19:09 05[IKE]   IKE_CERT_PRE task
Oct 28 12:19:09 05[IKE]   IKE_AUTH task
Oct 28 12:19:09 05[IKE] sending cert request for "CN=snbi"
Oct 28 12:19:09 05[ENC] added payload of type CERTREQ to message
Oct 28 12:19:09 05[ENC] added payload of type NOTIFY to message
Oct 28 12:19:09 05[ENC] added payload of type NOTIFY to message
Oct 28 12:19:09 05[ENC] added payload of type ID_INITIATOR to message
Oct 28 12:19:09 05[IKE] no private key found for 'N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186'
Oct 28 12:19:09 05[MGR] checkin and destroy IKE_SA snbi_tun_2[1]
Oct 28 12:19:09 05[IKE] IKE_SA snbi_tun_2[1] state change: CONNECTING => DESTROYING

ipsec@ipsec2:~/snbi_new/snbi/snbiFe/bin$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.3, Linux 3.13.0-24-generic, x86_64):
  uptime: 8 seconds, since Oct 28 12:09:58 2015
  malloc: sbrk 1351680, mmap 0, used 248608, free 1103072
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
  10.64.69.117
  2001:db8:0:f101::1
  fd08:2eef:c2ee:0:2e19:ba2d:e05f:35
Connections:
  snbi_tun_2:  fe80::20c:29ff:feb2:ae2f%eth1...fe80::20c:29ff:fea8:e174%eth1  IKEv2
  snbi_tun_2:   local:  [N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186] uses public key authentication
  snbi_tun_2:    cert:  "N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186"
  snbi_tun_2:   remote: uses public key authentication
  snbi_tun_2:   child:  dynamic === dynamic TRANSPORT
Security Associations (0 up, 0 connecting):
  none
ipsec@ipsec2:~/snbi_new/snbi/snbiFe/bin$ sudo ipsec up snbi_tun_2
initiating IKE_SA snbi_tun_2[1] to fe80::20c:29ff:fea8:e174
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
sending packet: from fe80::20c:29ff:feb2:ae2f[500] to fe80::20c:29ff:fea8:e174[500] (408 bytes)
received packet: from fe80::20c:29ff:fea8:e174[500] to fe80::20c:29ff:feb2:ae2f[500] (353 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
received cert request for "N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186"
sending cert request for "CN=snbi"
no private key found for 'N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186'
establishing connection 'snbi_tun_2' failed
ipsec@ipsec2:~/snbi_new/snbi/snbiFe/bin$ ip -6 tun show
snbi_tun_3: gre/ipv6 remote fe80::20c:29ff:fea8:e16a local fe80::20c:29ff:feb2:ae25 dev eth0 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
ip6gre0: gre/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
snbi_tun_1: gre/ipv6 remote fe80::20c:29ff:fe6f:6c61 local fe80::20c:29ff:feb2:ae25 dev eth0 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
snbi_tun_2: gre/ipv6 remote fe80::20c:29ff:fea8:e174 local fe80::20c:29ff:feb2:ae2f dev eth1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)

ipsec@ipsec2:~/snbi_new/snbi/snbiFe/bin$ sudo ipsec listcerts

List of X.509 End Entity Certificates:

  subject:  "N=2e19.ba2d.e05f-53, CN=2e19.ba2d.e05f-53, OU=cisco.com, SN=LINUX:PID:SN:960966186"
  issuer:   "CN=snbi"
  serial:    01:50:ad:1c:60:4f
  validity:  not before Oct 28 11:52:09 2015, ok
             not after  Oct 28 11:52:09 2018, ok
  pubkey:    RSA 1024 bits
  keyid:     d5:77:cb:02:9d:84:05:d0:7d:00:1f:c1:6b:f2:35:76:c9:37:f3:c6
  subjkey:   cd:15:7e:9c:33:58:cd:49:f9:ff:89:b4:0a:28:61:a3:d0:a3:45:75
ipsec@ipsec2:~/snbi_new/snbi/snbiFe/bin$


Thanks,
Sindhu