> > I think I'm a little confused as to where the keys need to go. Do I > > need to export the cert (without key) and dump it into > > /etc/ipsec.d/certs and export the key separately and dump it into > > /etc/ipsec.d/private? > > > Yes, this is correct! >
Andreas, So I exported the cert/key separately and now ipsec certlists shows that the private key is included. The now when I run the ipsec up connname it appears to be doing the negotiation but dies with the error listed below: parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] received AUTHENTICATION_FAILED notify error Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin Feb 24 08:52:47 hslinvpn01 charon: 14[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(EAP_ONLY) ] Feb 24 08:52:47 hslinvpn01 charon: 14[NET] sending packet: from Feb 24 08:52:47 hslinvpn01 charon: 15[NET] received packet: from Feb 24 08:52:47 hslinvpn01 charon: 15[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] Feb 24 08:52:47 hslinvpn01 charon: 15[IKE] received AUTHENTICATION_FAILED notify error Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] received stroke: terminate 'fre-lin' Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] no IKE_SA named 'fre-lin' found _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
