[strongSwan] no private key found

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Nov 18 10:38:43 CET 2020


Hi,

Please at least provide a full log as shown on the HelpRequests[1] page.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 16.11.20 at 15:46, Udo Pokojski wrote:
> Hello,
> 
> 
> I am trying to set up an IPSEC-Tunnel authenticated by certificates. The directory /etc/ipsec.d looks like this:
> 
> /etc/ipsec.d# ls -lR
> .:
> total 36
> drwxr-xr-x 2 root root 4096 Nov 12  2019 aacerts
> drwxr-xr-x 2 root root 4096 Nov 12  2019 acerts
> drwxr-xr-x 2 root root 4096 Sep 28 10:36 cacerts
> drwxr-xr-x 2 root root 4096 Nov 16 14:39 certs
> drwxr-xr-x 2 root root 4096 Nov 12  2019 crls
> drwxr-xr-x 2 root root 4096 Nov 12  2019 ocspcerts
> drwxr-xr-x 2 root root 4096 Nov 12  2019 policies
> drwx------ 2 root root 4096 Nov 16 14:40 private
> drwxr-xr-x 2 root root 4096 Nov 12  2019 reqs
> 
> ./aacerts:
> total 0
> 
> ./acerts:
> total 0
> 
> ./cacerts:
> total 4
> -rw-r--r-- 1 root root 2045 Sep 28 10:36 ca-cert.pem
> 
> ./certs:
> total 16
> -rw-r--r-- 1 root root 1774 Apr  2  2020 ca-cert.pem
> -rw-r--r-- 1 root root 2339 Nov 16 15:03 office-cert.pem
> 
> ./crls:
> total 0
> 
> ./ocspcerts:
> total 0
> 
> ./policies:
> total 0
> 
> ./private:
> total 12
> -rw-r--r-- 1 root root 3243 Nov 16 14:24 office-key.pem
> 
> ./reqs:
> total 0
> 
> 
> This is the content of /etc/ipsec.secrets:
> 
> # RSA private key for this host, authenticating it to any other host
> # which knows the public part.
>  : RSA office-key.pem
> 
> This is the configuration for the connection:
> 
> conn ikev2-rw
>     right=37.120.163.19
>     # This should match the `leftid` value on your server's configuration
>     rightid="C=DE, ... CN=server..."
>     rightsubnet=10.8.0.0/24,10.9.0.0/24
>     leftsubnet=192.168.200.0/24,192.168.20.0/24
>     rightauth=pubkey
>     leftsourceip=%config
>     leftid="C=DE, ... CN=client"
>  #   leftauth=eap-mschapv2
>     eap_identity=%identity
>     auto=start
>     dpdaction=restart
>     dpdinterval=10s
>     closeaction=restart
> 
> 
> 
> Establishing a connection fails. In the log I can see these lines:
> 
> Nov 16 15:40:09 nb-ubuntu ipsec[4108]: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/office-key.pem'
> Nov 16 15:40:09 nb-ubuntu charon: 09[IKE] no private key found for 'C=DE, ... CN=client'
> root at udo-nb-ubuntu:/etc/ipsec.d#
> 
> 
> The private keyfile is loaded, but the keys cannot be found. I double checked that the keyfile matches the certificate.
> 
> Why is the private key not found?
> 
> 
> Thanks in advance
> 
> Udo
> 
