Thanks Martin. Now it can work. Since I want to use eap feature, I load the eap plugins manually. Are there any ways to use eap without loading eap plugins manually?
--Aaron -----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: 2010年3月30日 19:39 To: Aaron Zhang Cc: [email protected] Subject: Re: [strongSwan-dev] certificate issue Hi Aaron, > loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' > failed > loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed > loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 > stroke eap-mschapv2 eap-identity eap-md5 updown You are missing the "pem" plugin to decode PEM encoded files, and the pkcs1 plugin to parse PKCS#1 encoded private/public keys. If you disabled them during ./configure, you'll have to rebuild strongSwan with them enabled. Do a "make clean" to rebuild them properly. If you have manually specified a plugin list, add the pem and pkcs1 plugins before loading the stroke plugin. We recommend to not set a plugin load list manually, it is tricky to get it right. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
