[strongSwan] nm-strongswan always requires a password for client keys
Nicola Feltrin
nicola.feltrin at mailbox.org
Wed Dec 28 14:47:27 CET 2016
Hi everyone!
I’m a little bit of a noob, so I hope someone here can help me with
some trouble I’m experiencing with nm-strongswan.
I followed the official guide[^1] to generate certificates and keys. In
particular, I generated the keys with
    pki --gen --outform pem > peer.key.pem
This tool, regardless of the PEM format, does not require setting up a
password for the key, nor was I able to find an option in the manual to
do so.
When trying to configure my VPN, though, nm-strongswan asks for the
password of the key, without ever allowing me to proceed without
providing one. This causes charon to fail at opening the key with
errors like:
    dic 28 13:40:23 $hostname charon-nm[1923]: 05[LIB] opening '$path_to_key' failed: Permission denied
    dic 28 13:40:23 $hostname charon-nm[1923]: 05[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 7 builders
I think this might be a bug (I would expect nm-strongswan to detect
when the key is password-protected and when not) but I’d like to hear
someone else’s thoughts before reporting it.
In case it has any relevance, I’m on Arch running
networkmanager-strongswan 1.4.1-1 and strongswan 5.5.1-2 (both from the AUR).
Also, as a possible workaround, I’d be grateful if anyone could suggest
a way to generate a password-protected key.
With my best wishes,
Nicola Feltrin
PS: I also asked on IRC; if I get answers there I’ll post them here
for archiving purposes and in case anyone else needs them :)
[^1]: https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
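
Added example, not part of the original post and not nm-strongswan or charon code: the quoted log reports a failure while opening the key file, which happens before any passphrase is used, so this Python check reports file readability and PEM encryption status separately. The function names `pem_key_encryption` and `diagnose_key_file` are hypothetical, and the PEM samples are constructed placeholders, not real keys.

```python
import os
import re
import stat

# Constructed sample PEM blocks; the base64 body is a placeholder, not key material.
PLAIN_PEM = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                  "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----[ \t\r]*$", re.M)
PROC_TYPE_RE = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED[ \t\r]*$", re.M)


def pem_key_encryption(text):
    """Return 'none', 'legacy' or 'pkcs8'; None when no private key block is found."""
    m = BEGIN_RE.search(text)
    if m is None:
        return None
    if m.group(1) == "ENCRYPTED PRIVATE KEY":
        return "pkcs8"  # PKCS#8 EncryptedPrivateKeyInfo
    # Traditional PEM encryption puts headers between the BEGIN line and a blank line.
    headers = text[m.end():].split("\n\n", 1)[0]
    return "legacy" if PROC_TYPE_RE.search(headers) else "none"


def diagnose_key_file(path):
    """Report readability and passphrase protection as two separate findings."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {
        "mode": oct(mode),
        "readable": os.access(path, os.R_OK),  # for the user running this check
        "group_or_world_access": bool(mode & 0o077),  # key exposed beyond its owner
        "encryption": None,
    }
    if report["readable"]:
        with open(path, encoding="ascii", errors="replace") as fh:
            report["encryption"] = pem_key_encryption(fh.read())
    return report


if __name__ == "__main__":
    for name, pem in [("plain", PLAIN_PEM), ("legacy", LEGACY_ENC_PEM),
                      ("pkcs8", PKCS8_ENC_PEM)]:
        print(name, "->", pem_key_encryption(pem))
```

Run `diagnose_key_file()` as the same user the daemon runs as; `os.access` only reflects the calling user's rights and does not account for mandatory access control policies.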