Hi all,

I'm trying to set up iked. I've created a CA with ikectl ca "vpn" create, installed it (ikectl ca "vpn" install) and created a certificate for the server to begin with: "ikectl ca vpn certificate "foo.example.com" create/install".
However, when I try to start iked -dvv, I see the following output:

    ca_privkey_serialize: type RSA_KEY length 1191
    ca_pubkey_serialize: type RSA_KEY length 270
    ikev2 "vpn" passive espca: ca_reset: reload: Permission denied
    proto tcpikev2 exiting, pid 1301
    from 10.0.0.0/8 port 23 to 20.0.0.0/8 port 40 from 192.168.1.1 port 23 to 192.168.2.2 port 40 local any peer any ikesa enc 3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha1 group modp1024 childsa enc aes-128 auth hmac-sha1 srcid host.example.com dstid 192.168.0.254 lifetime 10800 bytes 536870912 psk 0x
    /etc/iked.conf: loaded 1 configuration rules
    lost child: ca exited abnormally
    control exiting, pid 39459
    parent terminating

It seems to happen at line 147 in iked's ca.c, where ca_reload is called which doesn't return 0 (https://github.com/reyk/openiked/blob/master/iked/ca.c). I suspect in ca_reload, on line 548 it tries to open the CA directory and that returns -1, which would explain why I don't see more log messages. But why?

Any help or pointers much appreciated.

Rubin!