> The Cert isn't involved in the IKE_SA_INIT request. Verification of the
> cert occurs in the IKE_AUTH request. What are the messages generated
> when you start your local StrongSwan config?
>
> -Tom

I don't see anything abnormal... although I do not see it calling
strongswan.d/bills-strongswan.conf nor ipsec.d/bills-ipsec.conf.

/etc/strongswan/strongswan.conf has:

    include strongswan.d/*.conf

... but /etc/strongswan/ipsec.conf doesn't have any such thing.

(The missing key is because I was experimenting at that moment.)

Dec 27 15:20:43 zeta systemd: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Dec 27 15:20:49 zeta systemd: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Dec 27 15:20:49 zeta systemd: Starting strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf...
Dec 27 15:20:49 zeta strongswan: Starting strongSwan 5.5.3 IPsec [starter]...
Dec 27 15:20:49 zeta strongswan: !! Your strongswan.conf contains manual plugin load options for charon.
Dec 27 15:20:49 zeta strongswan: !! This is recommended for experts only, see
Dec 27 15:20:49 zeta strongswan: !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Dec 27 15:20:49 zeta charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 4.13.0-1.el7.elrepo.x86_64, x86_64)
Dec 27 15:20:49 zeta charon: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loaded ca certificate "C=US, O=QuantumEquities, CN=QuantumCA" from '/etc/strongswan/ipsec.d/cacerts/cacert.pem'
Dec 27 15:20:49 zeta charon: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
Dec 27 15:20:49 zeta charon: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
Dec 27 15:20:49 zeta charon: 00[LIB] opening '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed: No such file or directory
Dec 27 15:20:49 zeta charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 4 builders
Dec 27 15:20:49 zeta charon: 00[CFG] loading private key from '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed
Dec 27 15:20:49 zeta charon: 00[LIB] loaded plugins: charon random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
Dec 27 15:20:49 zeta charon: 00[JOB] spawning 16 worker threads
Dec 27 15:20:49 zeta strongswan: charon (32057) started after 20 ms
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users