On Tue, 16 Sep 2014, Enrico Brunetta wrote:

/etc/ipsec.secrets:
: RSA enrico

That should be the "friendly name" as used in the pkcs#12 export. On the
server that would not be "enrico".


Did your certificates load? run ipsec auto --listall and look for the
CAcert and the vpn.bitproductions.com cert.

root@ip-172-31-48-104:~# ipsec auto --listall
000
000 List of RSA Public Keys:
000
000 Sep 17 01:24:23 2014, 1024 RSA Key AwEAAdS9l (no private key), until Sep 16 
22:04:08 2024 ok
000        ID_FQDN '@vpn.bitproductions.com'

More likely, the friendly name is vpn.bitproductions.com?
Note the "no private key", which shows that libreswan does not know how
to find the private key of the certificate it is told to use.

000        Issuer 'C=US, ST=TX, L=Austin, O=bitProductions Inc., 
CN=bitProductions VPN Certification Authority'
000 Sep 17 01:24:23 2014, 1024 RSA Key AwEAAdS9l (no private key), until Sep 16 
22:04:08 2024 ok

Here "no private key" is fine, because it is the CA and the vpn server
does not need to have the CA key :)

I think you might need:

: RSA "vpn.bitproductions.com"

or:

: RSA "VPN Server"

But you know best what you used as the friendly_name for the export :)

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to