[Swan] host-to-host config fails with Can't find the certificate or private key

Paul Wouters paul at nohats.ca
Fri Oct 5 18:29:30 UTC 2018


On Thu, 4 Oct 2018, Alex wrote:

> I realized I only sent this to you directly last time. I'm still
> having trouble and hoped someone could help.
>
>> The config file you posted used leftckaid= and you said you copied it to both sides which wouldn't work. Can you confirm you are trying only with leftrsasigkey and rightrsasigkey? If that still fails send me output using plutodebug=all and fresh certutil / showhostkey output
>
> Yes, I used leftrsasigkey and rightrsasigkey, not the ckaid settings.
> Both failed, but now I at least understand why the ckaid settings
> failed, after your explanation.
>
> I've attached the logs from the last few minutes after "ipsec start;
> ipsec auto --add mytunnel; ipsec auto --up mytunnel" on both sides.
> I've also attached the "ipsec status" output from both sides. I've
> also attached the current ipsec.conf used on both sides.

Run ipsec whack --listpubkeys on both ends and confirm you have the
proper keys configured?

If not using identical ipsec.conf files on both ends, ensure that you
did not accidentally swap the two keys on one end. Because if you
really only have two keys and libreswan tried the wrong key, that's
the only thing that could have happened, since there would only be
one other key that could be the wrong one, which is their own key.

Paul
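An added offline check in the spirit of Paul's advice (example code, not from the thread or from libreswan): parse the conn section of both hosts' ipsec.conf, compare leftrsasigkey/rightrsasigkey against the value each host prints with `ipsec showhostkey`, and flag the swap he describes. The config fragments and key values are constructed placeholders.

```python
# Constructed ipsec.conf fragments for the two ends (not Alex's real files).
# Host A carries its own key in rightrsasigkey too: the swap Paul describes.
CONF_HOST_A = """
conn mytunnel
    leftrsasigkey=0sAQ-HOSTA-KEY-PLACEHOLDER
    rightrsasigkey=0sAQ-HOSTA-KEY-PLACEHOLDER
"""
CONF_HOST_B = """
conn mytunnel
    leftrsasigkey=0sAQ-HOSTA-KEY-PLACEHOLDER
    rightrsasigkey=0sAQ-HOSTB-KEY-PLACEHOLDER
"""
# Constructed stand-ins for the pubkey each host prints with `ipsec showhostkey`.
HOSTKEY_A = "0sAQ-HOSTA-KEY-PLACEHOLDER"
HOSTKEY_B = "0sAQ-HOSTB-KEY-PLACEHOLDER"


def parse_conn(conf: str, name: str) -> dict:
    """Return the key=value settings of the 'conn <name>' section of an ipsec.conf."""
    settings, in_conn = {}, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            in_conn = line.split(None, 1)[1].strip() == name
        elif in_conn and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def check_rsasigkeys(conf_a, conf_b, hostkey_a, hostkey_b, conn="mytunnel"):
    """Cross-check leftrsasigkey/rightrsasigkey on both ends (A = left, B = right).

    Returns a list of findings; an empty list means every setting names the key it should.
    """
    confs = {"A": parse_conn(conf_a, conn), "B": parse_conn(conf_b, conn)}
    own = {"A": hostkey_a, "B": hostkey_b}
    findings = []
    for host in ("A", "B"):
        # Both files must agree: left* is host A's key, right* is host B's key.
        for setting, want in (("leftrsasigkey", hostkey_a), ("rightrsasigkey", hostkey_b)):
            got = confs[host].get(setting)
            if got is None:
                findings.append(f"host {host}: {setting} missing")
            elif got != want:
                hint = " (this is the host's own key: keys swapped)" if got == own[host] else ""
                findings.append(f"host {host}: {setting} does not match the expected showhostkey value{hint}")
    return findings
```

With identical ipsec.conf files on both ends the check passes as long as left* and right* each hold the right host's key, which is why copying the same file works for rsasigkey but not for ckaid.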

