[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Tue Apr 26 18:21:23 CEST 2016 

it all looks god to me in the logs, in this case I converted the der to a
pem and listed that in the secrets.

Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading secrets
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loading secrets from
'/etc/strongswan/ipsec.secrets'
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded RSA private key
from 
'/etc/strongswan/ipsec.d/private/RH7Standard.ConvertedvpnHostPrivateKey.pem
'
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded IKE secret for
%any
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded EAP secret for
judeo %any
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded EAP secret for
judeo %any
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded IKE secret for
judeo %any
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading ca certificates
from '/etc/strongswan/ipsec.d/cacerts'
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded ca certificate
"C=US, O=BSI, CN=RH7Standard.blansys.com" from
'/etc/strongswan/ipsec.d/cacerts/RH7Standard.SelfSigned.CA.cert.strongswanC
ert.der'
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   loaded ca certificate
"C=US, O=BSI, CN=RH7Standard.blansys.com" from
'/etc/strongswan/ipsec.d/cacerts/RH7Standard.Converted.SelfSigned.CA.cert.p
em'
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading ocsp signer
certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Apr 26 10:53:52 RH7Standard strongswan: 10[LIB] opening directory
'/etc/strongswan/ipsec.d/ocspcerts' failed: No such file or directory
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG]   reading directory failed

The command I used to create the original .der was this:

strongswan pki --gen --type rsa --size 2048 --outform der >
ipsec.d/private/RH7Standard.vpnHostPrivateKey.der





________________________________________


Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>

-----------------------------------------------------

Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
webinars. 
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.









On 4/26/16, 11:01 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>> Yes,  my ipsec.secrets contains this line:
>> : RSA RH7Standard.vpnHostPrivateKey.der
>> 
>> Do  I need to convert it to a .pem format?
>
>No, but you should check in the log whether it is successfully loaded
>when the daemon is started.
>
>Regards,
>Tobias
>

More information about the Users mailing list