sftf wrote:
> Connection stop with "charon: 11[IKE] no private key found for..." followed
> by gateway's cert ID.
> Private gateway's key is in /etc/ipsec.d/private/gw.superprime.ru-key.pem and
> not encrypted.
> Looks like strongswan didn't "see" private key gw.superprime.ru-key.pem.

Putting your private key in /etc/ipsec.d/private/ is not enough. You also need
to tell strongSwan about this key in /etc/ipsec.secrets. Check out

http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets

You have to include something like

    : RSA moonKey.pem

Note that strongSwan is picky about the exact format of this file. Don't
forget the space character between ":" and "RSA".

Run "ipsec listcerts". It should output something like

    subject:  "CN=Foobar"
    issuer:   "CN=Example CA, [email protected]"
    serial:    01
    validity:  not before Sep 26 22:45:53 2009, ok
               not after  Sep 25 22:45:53 2012, ok
    pubkey:    RSA 1024 bits, has private key
    keyid:     85:fb:d9:93:1b:d7:31:00:02:b6:38:57:c8:53:cb:22:b7:cd:c8:16
    subjkey:   66:83:4b:fb:d4:48:7f:2c:07:7d:d7:32:2a:da:64:00:57:0a:ba:70
    authkey:   d2:c4:db:03:58:9d:0d:aa:4a:6c:89:ad:6d:83:b7:47:f7:ff:3e:33

Watch out for "has private key". This tells you whether strongSwan was able to
read the corresponding private key.

Does that answer your question?

-Daniel
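
The check described in the reply above, as an added example that is not part of the original thread or of strongSwan: a shell function that lints ipsec.secrets for the missing space after ":" and for key files in the private directory that no entry names. The names check_secrets and make_sample are hypothetical; the sketch also covers ECDSA entries and assumes relative file names resolve against the private directory.

```shell
#!/bin/sh
# Added example: lint ipsec.secrets against the private-key directory.
# check_secrets [SECRETS_FILE] [PRIVATE_DIR] prints one finding per line and
# returns 1 if there is any. Run as root so the key files are readable.
check_secrets() {
    secrets=${1:-/etc/ipsec.secrets}
    privdir=${2:-/etc/ipsec.d/private}
    rc=0 n=0 refs=
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}      # trim leading whitespace
        case $line in
            \#*|'') continue ;;                    # comment or blank line
            *:RSA*|*:ECDSA*)
                echo "$secrets:$n: no space between ':' and the key type"
                rc=1; continue ;;
        esac
        # Pull the file name out of "[selectors] : RSA|ECDSA <file> [passphrase]"
        file=$(printf '%s\n' "$line" | sed -nE \
            's/^(.*[[:space:]])?:[[:space:]]+(RSA|ECDSA)[[:space:]]+"?([^"[:space:]]+).*/\3/p')
        [ -n "$file" ] || continue
        case $file in
            /*) path=$file ;;                      # absolute path
            *)  path=$privdir/$file ;;             # assumed: relative to private dir
        esac
        refs="$refs
$path"
        if [ ! -e "$path" ]; then
            echo "$secrets:$n: key file $path does not exist"; rc=1
        elif [ ! -r "$path" ]; then
            echo "$secrets:$n: key file $path is not readable"; rc=1
        fi
    done < "$secrets"
    # The situation in this thread: a key sits in the directory, no entry names it
    for key in "$privdir"/*; do
        [ -f "$key" ] || continue
        printf '%s\n' "$refs" | grep -qxF "$key" && continue
        echo "$key: not referenced by any entry in $secrets"; rc=1
    done
    return $rc
}

# Constructed sample (not from the thread): two key files, one broken entry.
make_sample() {
    mkdir -p "$1/private"
    : > "$1/private/moonKey.pem"
    : > "$1/private/gwKey.pem"
    printf '%s\n' '# constructed sample' ':RSA moonKey.pem' > "$1/ipsec.secrets"
}
```

A clean run only shows that the entries and files line up; "ipsec listcerts" reporting "has private key" remains the confirmation that strongSwan loaded the key.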
