> Thanks, > Sony > > On Tue, Aug 30, 2022 at 9:44 PM Paul Wouters <[email protected]> wrote: >> >> On Tue, 30 Aug 2022, Sony Arpita Das wrote: >> >> > I am trying to setup host-to-host VPN and I get the following message - >> > private key matching CKAID '67fc9d0686eeba870eb2c6a7608156b64e0316d0' not >> > found: can't find the >> > private key matching the NSS CKAID >> >> Can you try: >> >> certutil -K -d sql:/etc/ipsec.d >> certutil -K -d sql:/var/lib/ipsec/nss/ipsec.d >> >> Just to confirm that you are using the nssdb you think you are using? >> >> > >> > rightrsasigkey=0sAwEAAbhUgd1lQvtXY2PK3j3TiqtxmB7dIZvICCx1JK6fPwPZ851HjH8Kgg/PNg1g6GVTEl83MDaWYYKtiV >> > QUYnOx9tBH0GxEHdRCq1vkb/1O5X8EIgoEEarstzc3tlJFJq+x/Uy5e+kVkQRlK1UVMJgzwORcuUp/+cezqwZrArQJz2QJsIg4 >> > qP79T1LSQlQpg6oYP+vRMXwoS0MYuE5s+NU3L4jmJKh4lRX2InOxoUC1Oz1d3+wPXJGjf61jq2U9yal6bPhHPVF+RvRXGykjnz >> > gCj9H0sR8RPk/tBAtM255EsG4fFIrbdpmH/iJRgdZixq8rmUvPAQ6kVw05vL/Hf05YecLjTD3Slvv/ZP9mh16veEfdcibMMnda >> > mPLcSL0KITljvAmR8+AVDLFNsknRJhvY/gNMI7ufbpi1+0jzIyyukUZEuWsgxmCt6gMcGG4MnISlaRhZUC7JNDN1XYA3/cG2gC >> > hpejYflZ+qfHtN0GIo6WAtqqSFiZM47sPP0z4t8Kp67ewKB7i71Zz00Cw94etbXF3ihMNohjx7y4p9NHJzQYAQDYBLxFdZu+E6 >> > sVvepFRNGEPh >> > rightckaid=21075ce1a098cfcf82859e1b91e26f530c192bbe >> >> Note that ckaid is only a LOCAL identifier, so be sure to only use it as >> such. The rsasigkey= can be used as LOCAL and REMOTE identifier. Maybe >> instead of rightckaid=, use
The CKAID can be used by both ends. For instance, here's ipsec.conf file used by the test I cited: config setup # put the logs in /tmp for the UMLs, so that we can operate # without syslogd, which seems to break on UMLs logfile=/tmp/pluto.log logtime=no logappend=no dumpdir=/tmp plutodebug=all conn hostkey left=192.1.2.45 leftsubnet=192.0.1.0/24 right=192.1.2.23 rightsubnet=192.0.2.0/24 authby=ecdsa # ecdsakey iZwlCr0T9 rightecdsakey=0skEyuBiXyVoB/d7+Hk7SuoM2o7SwZG6vizTFnzsgbNw+WBg2Q2NV44QKmcI8daIFbnehhVedxKi0hBQwR9EIHMw== # ecdsakey wAOi3uXfB leftecdsakey=0sGL/PzKgowpZR77YtQnB5bzFN/tG9+BuUNgAdBVFVsR2qQ2NoxZoA1Y5CjpN3PJvearEaFYif6NrEnoGpC47E1Q== _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
