How can I see explicit logs related to charon startup ?
Try to start charon in the foreground using
ipsec start --nofork
Martin
I ran the ipsec start --nofork command
As you mentioned in your earlier reply the issue is indeed with loading the
private key . It throws the following error
Hello,
the error message from the ASN.1 parser means that the
file /etc/ipsec.d/private/211Key.pem does not contain
a private key but probably an X.509 certificate.
Kind regards
Andreas
On 20.04.2010 08:05, shyamsundar.purkayas...@wipro.com wrote:
How can I see explicit logs related to charon
the error message from the ASN.1 parser means that the
file /etc/ipsec.d/private/211Key.pem does not contain
a private key but probably an X.509 certificate.
After uncommenting the load statement in strongswan.conf I am not
getting the ASN.1 parser error but still the loading of private key
Hello Vladimir,
the Message ID will be unique non-zero and the encryption will
be derived from the IKE Phase 1 IV.
The following link shows the function generate_msgid() which
generates a unique msgid:
One more info. I have generated the keys using openssl command . In
that
case is it required to load the openssl module in charon. ?
The openssl command generates keys in the standardized PKCS#1
format which can be read by strongSwan's pkcs1 plugin. There
is no need to load the openssl
Hi Andreas
As an alternative I have also tried with the der format of the keys
for
which the procedure is given in the documentation section titled
Setting-
up a simple CA using strongSwan PKI tool
Even with this I get the same results and the same error message at
ipsec
start --nofork
On 20.04.2010 12:11, shyamsundar.purkayas...@wipro.com wrote:
But I have a new error when I try to bring up my configuration
[r...@localhost ~]# ipsec up 211TO60Tunnel
initiating IKE_SA 211TO60Tunnel[3] to 10.201.114.178
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
On 20.04.2010 12:11, shyamsundar.purkayas...@wipro.com wrote:
But I have a new error when I try to bring up my configuration
[r...@localhost ~]# ipsec up 211TO60Tunnel
initiating IKE_SA 211TO60Tunnel[3] to 10.201.114.178
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
]
Hello All,
We've a problem here with a couple of errant security-gateways when trying
to connect our strongswan-using software to them.
Originally, we specified a connection to use the following params:
ike=aes-sha-modp1024!
esp=aes-sha1
The first segw was *unhappy* with this, because the