>> How can I see explicit logs related to charon startup?

> Try to start charon in the foreground using
>   ipsec start --nofork

Martin

I ran the ipsec start --nofork command.

As you mentioned in your earlier reply, the issue is indeed with loading the private key. It throws the following error:

-------------------------------------------------------------
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[LIB] L1 - version: ASN1 tag 0x02 expected, but is 0x30
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
-------------------------------------------------------------------

What could be the reason for this?

Here is the complete verbose stdout I got.

Thanks in advance for your help.

--------------------------------------------------------------------
[r...@localhost ~]# ipsec start --nofork
Starting strongSwan 4.3.6 IPsec [starter]...
00[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.6)
00[KNL] listening on interfaces:
00[KNL] eth0
00[KNL] 10.201.114.211
00[KNL] fe80::21f:e2ff:fe6c:c777
00[KNL] received netlink error: Invalid argument (22)
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loaded ca certificate "C=IN, ST=KAR, L=EC, O=WT, OU=TEV, CN=10.201.114.211, [email protected]" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[LIB] L1 - version: ASN1 tag 0x02 expected, but is 0x30
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
00[CFG] loading private key from '/etc/ipsec.d/private/211Key.pem' failed
00[DMN] loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey pkcs1 pgp dnskey pem xcbc hmac gmp kernel-netlink stroke updown attr resolve
00[JOB] spawning 16 worker threads
charon (30659) started after 60 ms
12[CFG] stroke message => 426 bytes @ 0xb116d1a0
12[CFG] received stroke: add connection '211TO178Tunnel'
12[CFG] conn 211TO178Tunnel
12[CFG] left=10.201.114.211
12[CFG] leftsubnet=(null)
12[CFG] leftsourceip=(null)
12[CFG] leftauth=(null)
12[CFG] leftauth2=(null)
12[CFG] leftid=(null)
12[CFG] leftid2=(null)
12[CFG] leftcert=211Cert.pem
12[CFG] leftcert2=(null)
12[CFG] leftca=(null)
12[CFG] leftca2=(null)
12[CFG] leftgroups=(null)
12[CFG] leftupdown=(null)
12[CFG] right=10.201.114.178
12[CFG] rightsubnet=(null)
12[CFG] rightsourceip=(null)
12[CFG] rightauth=(null)
12[CFG] rightauth2=(null)
12[CFG] rightid=(null)
12[CFG] rightid2=(null)
12[CFG] rightcert=(null)
12[CFG] rightcert2=(null)
12[CFG] rightca=(null)
12[CFG] rightca2=(null)
12[CFG] rightgroups=(null)
12[CFG] rightupdown=(null)
12[CFG] eap_identity=(null)
12[CFG] ike=aes128-sha1-modp2048,3des-sha1-modp1536
12[CFG] esp=aes128-sha1,3des-sha1
12[CFG] mediation=no
12[CFG] mediated_by=(null)
12[CFG] me_peerid=(null)
12[KNL] getting interface name for 10.201.114.178
12[KNL] 10.201.114.178 is not a local address
12[KNL] getting interface name for 10.201.114.211
12[KNL] 10.201.114.211 is on interface eth0
12[CFG] loaded certificate "C=IN, ST=KAR, O=WT, OU=TEV, CN=211, [email protected]" from '211Cert.pem'
12[CFG] id '10.201.114.211' not confirmed by certificate, defaulting to 'C=IN, ST=KAR, O=WT, OU=TEV, CN=211, [email protected]'
12[CFG] added configuration '211TO178Tunnel'

Regards
Shyam

-----Original Message-----
From: Martin Willi [mailto:[email protected]]
Sent: Monday, April 19, 2010 10:03 PM
To: Shyamsundar Purkayastha (WT01 - Telecom Equipment)
Cc: [email protected]
Subject: RE: [strongSwan] Trying a basic peer to peer ipsec setup with strongswan and is failing due to some key related issue

> How can I see explicit logs related to charon startup?

Try to start charon in the foreground using

  ipsec start --nofork

Regards
Martin
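
The error in this thread names two ASN.1 tags: 0x02 is INTEGER and 0x30 is SEQUENCE. As an added example (not part of the thread and not strongSwan code), the sketch below reads the PEM label and the first two DER tags of a PEM block so the tags in such a message can be compared with what a file actually contains. The function names and the two sample PEM blocks are constructed for illustration; the samples are structural skeletons, not usable keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_header(buf, off=0):
    """Return (tag, offset of contents) for the DER element starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length: one byte
        return tag, off + 2
    return tag, off + 2 + (first & 0x7F)   # long form: skip the length bytes

def inspect_pem(text):
    """Return (label, outer tag, first inner tag, verdict) for a PEM block."""
    m = PEM_RE.search(text)
    if not m:
        return None, None, None, "no PEM block found"
    label, body = m.group(1), m.group(2)
    if "Proc-Type: 4,ENCRYPTED" in body:
        # Traditional OpenSSL encryption: the body is ciphertext, not DER.
        return label, None, None, "passphrase-encrypted PEM body"
    lines = [l.strip() for l in body.splitlines() if ":" not in l]
    der = base64.b64decode("".join(lines))
    if len(der) < 4:
        return label, None, None, "too short to be DER"
    outer, inner_off = der_header(der)
    inner, _ = der_header(der, inner_off)
    if outer != 0x30:
        verdict = "outer element is not a SEQUENCE"
    elif inner == 0x02:
        verdict = "first element is INTEGER (a version field)"
    elif inner == 0x30:
        verdict = "first element is SEQUENCE, not a version INTEGER"
    else:
        verdict = "unexpected first element"
    return label, outer, inner, verdict

def make_pem(label, der):
    """Wrap constructed DER bytes in PEM armour (sample data only)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: SEQUENCE{INTEGER,...} and SEQUENCE{SEQUENCE{...},...}.
INT_FIRST = make_pem("RSA PRIVATE KEY", bytes.fromhex("3006020100020105"))
SEQ_FIRST = make_pem("RSA PRIVATE KEY",
                     bytes.fromhex("3012300d06092a864886f70d0101010500040100"))

if __name__ == "__main__":
    for name, pem in (("INT_FIRST", INT_FIRST), ("SEQ_FIRST", SEQ_FIRST)):
        label, outer, inner, verdict = inspect_pem(pem)
        print(f"{name}: {label}: outer=0x{outer:02x} inner=0x{inner:02x} -> {verdict}")
```

A PKCS#1 RSAPrivateKey and an unencrypted PKCS#8 PrivateKeyInfo both begin with a version INTEGER; a certificate, a certificate request, a SubjectPublicKeyInfo and an encrypted PKCS#8 blob all begin with an inner SEQUENCE.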
