Bug #12008

closed

IPsec - mutual certificate - can't find priv key

Added by Fabio V over 4 years ago. Updated over 4 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 06/08/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture:

Description

IPsec with mutual certificate
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con40000035 state change: CONNECTING => DESTROYING
Jun 8 07:35:28 charon 95058 16[MGR] <con400000|35> tried to checkin and delete nonexistent IKE_SA
Jun 8 07:35:28 charon 95058 16[CFG] <con400000|35> configuration uses unsupported authentication
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> no private key found for 'xxx.xxx.125.253'
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con40000035 state change: CREATED => CONNECTING
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> initiating Main Mode IKE_SA con40000035 to xxx.xxx.53.24

xxx.xxx.125.253 is my IP and my identifier.
Even when changing the identifier, to ASN.1 for example, the result is the same: "no private key found"

[2.5.1-RELEASE][]/root: swanctl --list-certs | grep -i private
pubkey: RSA 2048 bits, has private key

[2.5.1-RELEASE][]/root: swanctl --load-creds --file /var/etc/ipsec/swanctl.conf
loaded certificate from '/var/etc/ipsec/x509/cert-4.crt'
loaded certificate from '/var/etc/ipsec/x509ca/9870a772.0'
loaded certificate from '/var/etc/ipsec/x509ca/7d46ea71.0'
loaded RSA key from '/var/etc/ipsec/private/cert-4.key'
loaded ike secret 'ike-0'

The same VPN on 2.4.5-RELEASE-p1 works fine.
