Hello,

The charon daemon keeps restarting after the "loading secrets from 
'/etc/ipsec.secrets'" log line when the private key is in DER format.  In PEM 
form, same thing but with:

Nov 30 14:28:52 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 30 14:28:52 00[LIB]   file content is not binary ASN.1
Nov 30 14:28:52 00[LIB]   -----BEGIN EC PRIVATE KEY-----
Nov 30 14:28:52 00[LIB]   -----END EC PRIVATE KEY-----

So DER form seems the way to go.  It appears that I'm having the same issue as 
this:

https://lists.strongswan.org/pipermail/users/2008-December/003030.html

I've regenerated these ECDSA keys several times and I'm at a loss right now how 
to get going with SuiteB testing.  I've attached the files that I'm using, 
hoping that someone can tease a clue out from them.

Thanks in advance for any help anyone can provide,
Bill



Note: I was unable to use "ipsec pki" commands to create the keys so I resolved 
myself to using openssl and I removed the passphrase from the private key file, 
so I know that can't be the issue.  To do this I did the following:



[r...@kap8 private]# openssl ecparam -genkey -name secp384r1  -out testParam.pem

[r...@kap8 private]# openssl req -x509 -newkey ec:testParam.pem -config /root/openssl.cnf -out testPub.pem -outform PEM
Generating a 384 bit EC private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
...

[r...@kap8 private]# ls
privkey.pem  temp  testParam.pem  testPub.pem

[r...@kap8 private]# openssl ec -in privkey.pem -out testKey.pem
read EC key
Enter PEM pass phrase:
writing EC key

[r...@kap8 private]# ls
privkey.pem  temp  testKey.pem  testParam.pem  testPub.pem

[r...@kap8 private]# openssl ec -outform DER -in testKey.pem -out testKey.der
read EC key
writing EC key


      
[r...@kap8 private]# cat testParam.pem 
-----BEGIN EC PARAMETERS-----
BgUrgQQAIg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDDuHwr1p5ZlK17QbDVXF6sCcPVzjc6t4SDUaE8JrsthlOZQBYdCjExD
8J2QbFtklWCgBwYFK4EEACKhZANiAARDeJ1ukKv4HgwgBGdRdF0wQDdwOvUeNeCM
i+hFxUKfdubBwY3YvsKYxkqXb4mYsV3oUQbPOpW8zXTnEkGg9s6N4BzMoIxKErnO
wlzmTwTJYrLR7CFl7p3k711TLWmXTMs=
-----END EC PRIVATE KEY-----


[r...@kap8 private]# cat privkey.pem 
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,1E1DC93B52BBD178

CJH1w/Vo2//+JAQXCUELjjglVBjxwNfyAc0Jj5/3XfG9In9iwG8uwHeajIheX27L
M9HqzGwiQTpkhRFhbiQRzaVrNbY+bMvJb7l/WmgKVLbWwVrMJPTigfB2SonXqt5Y
S5d4oI9hPqbvRqvZH8lCf6SX2hACrapuSwNbaKj4ecwm6UF7yuRk0mQNIZel0oYp
f9rXNeDECPyyukUU6VEYxigESpIBuWRy
-----END EC PRIVATE KEY-----


[r...@kap8 private]# cat testKey.pem 
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDDZEXKs5SlKCp7i3DQkDLbU9gKtOXX0jGu2qNHZolzrcWfGMxGFuKFD
6GFe+AExqKWgBwYFK4EEACKhZANiAAS8pGuWortqmu9ZyznAAPegkO2LgGX5ZFAH
yfI8q8uMtTaB6vm2kzqSqvSX8KC2D3k9KoBD7hvk8mv/RRI3CbXUhvw/sbv/atzD
OWlagN5IqZssGv8eZNY6UmrXwNc9SUo=
-----END EC PRIVATE KEY-----


[r...@kap8 private]# cat testPub.pem 
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
[r...@kap8 private]# 

Attachment: ipsec.conf
Description: Binary data

Attachment: ipsec.secrets
Description: Binary data

Attachment: strongswan.conf
Description: Binary data
