[strongSwan] strongswan client 5.6.2 on linux unable to use ECDSA certs or keys

Ettore Tagarelli tagahect at gmail.com
Thu Apr 21 16:50:25 CEST 2022


Hello,
I recently configured a VPN on Linux that works great with RSA certificate
authentication.
Creating certificates and keys with ECDSA causes my client to stop even
before trying to connect to the server.
I created the certificates exactly the same way I created the RSA ones
before... just changing --type from RSA to ECDSA.
I use the network manager plugin to connect. This is the relevant part of the
log:
______________________
Apr 21 03:05:39 cash charon-nm: 05[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 10 builders
Apr 21 03:05:43 cash charon-nm: message repeated 2 times: [ 05[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 10 builders]
Apr 21 03:05:43 cash NetworkManager[10447]: <error> [1650503143.2344] vpn-connection[0x55ce98c7e870,861b91a1-108a-46bd-8097-9033fa3013f0,"Connessione VPN 1",0]: final secrets request failed to provide sufficient secrets
_________________________

I found it strange that the log claims "RSA failed" instead of ECDSA.
I confirmed that keys and certificates are correct and valid using Openssh.
I used ipsec pki to create them.
I read a lot about it, but most of what I found talks about servers.
My problem is about the client!
I also read that ECDSA must be supported because many people could make it
work.
After many sleepless nights I decided to write here.
Can anybody please help me?
Best regards
Hect