Hi, Please at least provide a full log as shown on the HelpRequests[1] page.
Kind regards
Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 16.11.20 at 15:46, Udo Pokojski wrote:
> Hello,
>
> I am trying to set up an IPSEC-Tunnel authenticated by certificates. The
> directory /etc/ipsec.d looks like this:
>
> /etc/ipsec.d# ls -lR
> .:
> total 36
> drwxr-xr-x 2 root root 4096 Nov 12 2019 aacerts
> drwxr-xr-x 2 root root 4096 Nov 12 2019 acerts
> drwxr-xr-x 2 root root 4096 Sep 28 10:36 cacerts
> drwxr-xr-x 2 root root 4096 Nov 16 14:39 certs
> drwxr-xr-x 2 root root 4096 Nov 12 2019 crls
> drwxr-xr-x 2 root root 4096 Nov 12 2019 ocspcerts
> drwxr-xr-x 2 root root 4096 Nov 12 2019 policies
> drwx------ 2 root root 4096 Nov 16 14:40 private
> drwxr-xr-x 2 root root 4096 Nov 12 2019 reqs
>
> ./aacerts:
> total 0
>
> ./acerts:
> total 0
>
> ./cacerts:
> total 4
> -rw-r--r-- 1 root root 2045 Sep 28 10:36 ca-cert.pem
>
> ./certs:
> total 16
> -rw-r--r-- 1 root root 1774 Apr 2 2020 ca-cert.pem
> -rw-r--r-- 1 root root 2339 Nov 16 15:03 office-cert.pem
>
> ./crls:
> total 0
>
> ./ocspcerts:
> total 0
>
> ./policies:
> total 0
>
> ./private:
> total 12
> -rw-r--r-- 1 root root 3243 Nov 16 14:24 office-key.pem
>
> ./reqs:
> total 0
>
> This is the content of /etc/ipsec.secrets:
>
> # RSA private key for this host, authenticating it to any other host
> # which knows the public part.
> : RSA office-key.pem
>
> This is the configuration for the connection:
>
> conn ikev2-rw
> right=37.120.163.19
> # This should match the `leftid` value on your server's configuration
> rightid="C=DE, ... CN=server..."
> rightsubnet=10.8.0.0/24,10.9.0.0/24
> leftsubnet=192.168.200.0/24,192.168.20.0/24
> rightauth=pubkey
> leftsourceip=%config
> leftid="C=DE, ... CN=client"
> # leftauth=eap-mschapv2
> eap_identity=%identity
> auto=start
> dpdaction=restart
> dpdinterval=10s
> closeaction=restart
>
> Establishing a connection fails. In the log I can see these lines:
>
> Nov 16 15:40:09 nb-ubuntu ipsec[4108]: 00[CFG] loaded RSA private key from
> '/etc/ipsec.d/private/office-key.pem'
> Nov 16 15:40:09 nb-ubuntu charon: 09[IKE] no private key found for 'C=DE, ...
> CN=client'
> root@udo-nb-ubuntu:/etc/ipsec.d#
>
> The private keyfile is loaded, but the keys cannot be found. I double checked
> that the keyfile matches the certificate.
>
> Why is the private key not found?
>
> Thanks in advance
>
> Udo
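The thread ends without a diagnosis; as an added example (not code from Noel, Udo or the strongSwan project), the POSIX shell script below runs the checks worth doing before reading charon logs for a pubkey conn: whether the key really pairs with the certificate, which subject DN the certificate carries for comparison with leftid, and whether the conn names a leftcert at all, which the quoted conn does not. The openssl-based checks, the file paths and the sample conn are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: three checks to run before reading
# charon logs for a pubkey conn. The sample conn below is constructed.

# Succeeds only if the private key's public half equals the certificate's
# public key (both compared as SubjectPublicKeyInfo PEM).
key_matches_cert() {  # $1 = private key PEM, $2 = certificate PEM
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Subject DN in the "C=DE, O=..., CN=client" order strongSwan logs, so it can
# be compared with the leftid/rightid strings in ipsec.conf.
cert_subject() {  # $1 = certificate PEM
    openssl x509 -in "$1" -noout -subject -nameopt sep_comma_plus_space |
        sed 's/^subject= *//'
}

# Value of one option inside one conn section (surrounding quotes stripped);
# empty if the option is missing or commented out.
conn_option() {  # $1 = ipsec.conf, $2 = conn name, $3 = option name
    awk -v conn="$2" -v opt="$3" '
        /^[[:space:]]*(conn|ca|config)[[:space:]]/ { inconn = ($2 == conn); next }
        inconn && $0 ~ ("^[[:space:]]*" opt "[[:space:]]*=") {
            sub(/^[^=]*=[[:space:]]*/, ""); gsub(/^"|"$/, ""); print; exit
        }' "$1"
}

# Constructed ipsec.conf fragment mirroring the thread's conn: leftid names a
# DN, but no leftcert ties that identity to a certificate and its key.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
conn ikev2-rw
    right=203.0.113.10
    rightid="C=DE, O=Example, CN=server"
    rightauth=pubkey
    leftid="C=DE, O=Example, CN=client"
    # leftauth=eap-mschapv2
    auto=start
EOF

if [ -z "$(conn_option "$SAMPLE_CONF" ikev2-rw leftcert)" ]; then
    echo "ikev2-rw: leftcert unset; charon has no certificate for leftid" \
         "$(conn_option "$SAMPLE_CONF" ikev2-rw leftid), so no key can match"
fi
```

Run `key_matches_cert /etc/ipsec.d/private/office-key.pem /etc/ipsec.d/certs/office-cert.pem && cert_subject /etc/ipsec.d/certs/office-cert.pem` on the real files to confirm the pairing and get the exact DN to put in leftid.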