[strongSwan] strongswan ignores ipsec.d/certs/ @start
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Oct 31 13:33:37 CET 2019
Hello L.,
Probably not.
Configure strongSwan for logging as shown on the HelpRequests[1] page and look through the logs to see which files
are read (certs, pubkeys, private keys).
The error message indicates that strongSwan does not find a certificate for the ID that it also has the private key for.
You probably did not configure ipsec.secrets to read the private key.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Am 31.10.19 um 11:31 schrieb lejeczek:
> hi everyone
>
> I'm having problems with certs, strongswan complains about missing keys
> and some more..
>
> But I want to ask if this behavior where the server does not load anything
> from '/etc/strongswan/ipsec.d/certs' is normal & expected?
>
> It does go through /etc/strongswan/ipsec.d/cacerts and
> /etc/strongswan/ipsec.d/aacerts etc but not that one.
>
> I do have on server this in config:
>
> leftcert="vpn-clusterserver.cert.der"
>
> and then when I make rightid on the roadwarrior to be SDN of that cert,
> on the server I see:
>
> 08[IKE] no private key found for 'CN=vpn.nrr.tam.private.' (which is the
> leftid of the server & rightid of the roadwarrior)
>
> Even though the key file gets loaded @server start.
>
> Not weird?
>
> many thanks, L.
>
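Added example, not part of the original e-mail or of strongSwan itself: a small Python check for the situation Noel describes, where ipsec.conf names a leftcert but ipsec.secrets has no line that loads a private key. It also accepts the other key-loading secret types besides RSA; the conn name `rw`, the EAP line and the key file name `vpn-clusterserver.key.der` are constructed sample values.

```python
import shlex

# ipsec.secrets types that make strongSwan load a private key
# (PSK, EAP, XAUTH and NTLM lines do not). Compared case-insensitively here.
KEY_TYPES = {"RSA", "ECDSA", "BLISS", "PKCS8", "P12", "PIN"}

def leftcerts(ipsec_conf):
    """Return (conn, leftcert) pairs from ipsec.conf text ('also=' is not followed)."""
    conn, found = None, []
    for raw in ipsec_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        elif line.replace(" ", "").startswith("leftcert="):
            found.append((conn, line.split("=", 1)[1].strip().strip('"')))
    return found

def key_entries(ipsec_secrets):
    """Return (type, first argument) for each private-key line in ipsec.secrets text."""
    entries = []
    for raw in ipsec_secrets.splitlines():
        try:
            tok = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        except ValueError:                         # unbalanced quote: skip the line
            continue
        if ":" in tok:
            i = tok.index(":")                     # selectors come before the colon
            if len(tok) > i + 2 and tok[i + 1].upper() in KEY_TYPES:
                entries.append((tok[i + 1].upper(), tok[i + 2]))
    return entries

def diagnose(ipsec_conf, ipsec_secrets):
    """Findings for conns that name a leftcert while no private key is configured."""
    if key_entries(ipsec_secrets):
        return []
    return [f"conn {c}: leftcert={cert} but ipsec.secrets loads no private key"
            for c, cert in leftcerts(ipsec_conf)]

# Constructed sample input (leftcert and leftid values are the ones quoted in the thread).
CONF = '''
conn rw
    leftcert="vpn-clusterserver.cert.der"
    leftid="CN=vpn.nrr.tam.private."
'''
SECRETS_BROKEN = '# only an EAP secret, no key line\ncarol : EAP "constructed-password"\n'
SECRETS_FIXED = SECRETS_BROKEN + ": RSA vpn-clusterserver.key.der\n"

if __name__ == "__main__":
    print(diagnose(CONF, SECRETS_BROKEN))
    print(diagnose(CONF, SECRETS_FIXED))
```

An empty result only means a key line exists; whether that key belongs to the certificate in leftcert still has to be confirmed from the logs, as the reply suggests.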