[strongSwan] private key not found

Christoph Harder c_harder at arcor.de
Sun Oct 25 21:11:55 CET 2020

Hello everyone,

I wish to create an IPSEC v2 connection and use two authentication rounds, both with assymetric key pairs (one round using ECDSA followed by one round using BLISS).
Since BLISS is rather new I would like the second round as safe-guard in case the near future shows any fatal flaws in BLISS.
However at the moment I receive the follwoing message when I try to initiate a connection.

[IKE] no private key found for 'xyz_ecdsa'

The private keys are stored as /bliss/xyz_bliss.pem and /ecdsa/xyz_ecdsa.pem and the matching (same file name) public keys are stored in /pubkeys.
When I load the keys, e.g. using swanctl --load-creds the keys are listed and no error message shows up.

In the swanctl.conf the authentication rounds are defined like this (with matching remote authentication rounds):
local-1 {
	id = xyz_ecdsa
	auth = pubkey
	round = 1
local-2 {
	id = xyz_bliss
	auth = pubkey
	round = 2

The private keys don't have a passphrase and are not listed in the secrets section.

The private key file /ecdsa/xyz_ecdsa.pem looks like this:

and the public key file /pubkey/xyz_ecdsa.pem looks like this:
-----END PUBLIC KEY-----

The keys have been generated using the pki tool.

Can you give me any hints on what I might be doing wrong?
Are two rounds even supported when using auth = pubkey in both rounds?
Do I need to tell strongswan somehow to associate the key files with the id?

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xA362479F3F0ADC06.asc
Type: application/pgp-keys
Size: 1440 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201025/238b806c/attachment.key>

More information about the Users mailing list