Our Changelog says:

strongswan-4.3.4
----------------

- The IKEv2 charon daemon supports include files in ipsec.secrets.

So probably charon stops parsing ipsec.secrets due to the unsupported
include statement.

Regards

Andreas

On 22.06.2010 18:50, Shane W wrote:
Hi,

I was using Debian strongswan 4.3.2 and Debian has an include
directive in ipsec.secrets. Taking that out solves the problem.
Odd that pluto handled that though.

Thanks,
Shane

On Tue, Jun 22, 2010 at 11:49:18AM +0200, Andreas Steffen wrote:

Hi Shane,

the first output comes from the IKEv1 pluto daemon who finds
the matching private key whereas the second output is from the
IKEv2 charon daemon who fails in finding the private key.

If you disable the pluto daemon by setting

    config setup
        plutostart=no

in ipsec.conf then you won't get these duplicate outputs.

Returning to your problem:

- Which strongSwan version are you using?

- Is your private key encrypted by a password?

- Are there any error messages in your log if you type

    ipsec rereadsecrets

Regards

Andreas

22.06.2010 11:29, Shane W wrote:

Hey all,

I have done some archive searching on this one and previous
issues have either been with ipsec.secrets providing the right
password or key not matching cert issues. However, I have checked
these things and am still getting this message.

    Jun 22 02:10:32 li01 charon: 14[IKE] no private key found for 'C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca'

And yet, an ipsec listcerts shows that the cert has the private
key the first time round but in the endpoint list, it doesn't.
Why is the key being listed twice here?

    li01:~# ipsec listcerts
    000
    000 List of X.509 End Certificates:
    000
    000 Jun 22 02:20:59 2010, count: 1
    000 subject: 'C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca'
    000 issuer: 'C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA'
    000 serial: 02
    000 validity: not before Jun 22 02:08:43 2010 ok
    000 not after Jun 19 02:08:43 2020 ok
    000 pubkey: RSA 2048 bits, has private key
    000 keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
    000 subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
    000 authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2

    List of X.509 End Entity Certificates:

    subject: "C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca"
    issuer: "C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA"
    serial: 02
    validity: not before Jun 22 02:08:43 2010, ok
    not after Jun 19 02:08:43 2020, ok
    pubkey: RSA 2048 bits
    keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
    subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
    authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2

Any help greatly appreciated,
Shane
--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
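
Added example, not part of the thread and not strongSwan code: for a charon older than 4.3.4, an alternative to deleting the include line is to expand it into one flat ipsec.secrets. The sketch below assumes the include syntax described in ipsec.secrets(5) (a line starting with `include`, a glob pattern, relative paths resolved against the including file); the file names and secrets in `demo()` are constructed.

```python
import glob
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^include\s+(\S+)\s*$")
MAX_DEPTH = 10  # assumed nesting limit, as given in ipsec.secrets(5)

def flatten_secrets(path, depth=0):
    """Return the lines of `path` with every include directive expanded in place."""
    if depth > MAX_DEPTH:
        raise RuntimeError(f"include nesting deeper than {MAX_DEPTH} at {path}")
    base = os.path.dirname(os.path.abspath(path))
    out = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.rstrip("\n")
            m = INCLUDE_RE.match(line)
            if m is None:
                out.append(line)          # ordinary secret or comment line
                continue
            pattern = m.group(1)
            if not os.path.isabs(pattern):
                pattern = os.path.join(base, pattern)
            for inc in sorted(glob.glob(pattern)):   # every matching file is read
                out.extend(flatten_secrets(inc, depth + 1))
    return out

def demo():
    """Build constructed sample files in a temp dir and flatten them."""
    with tempfile.TemporaryDirectory() as d:
        main = os.path.join(d, "ipsec.secrets")
        with open(os.path.join(d, "ipsec.site.secrets"), "w") as fh:
            fh.write(": RSA exampleKey.pem\n")
        with open(main, "w") as fh:
            fh.write('# constructed sample\ninclude ipsec.*.secrets\n: PSK "constructed-example"\n')
        return flatten_secrets(main)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The flattened output contains key material references and shared secrets, so write it to a root-owned file with mode 0600 before running `ipsec rereadsecrets`.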
