Thursday, October 7, 2010

Strongswan: ike alg: unable to locate my private key

If you are using StrongSwan to establish an IPSec connection and you encounter this error:
root@crackjack:~# ipsec up conn-to-td
002 "conn-to-td" #2: initiating Main Mode
002 "conn-to-td" #2: ike alg: unable to locate my private key
002 "conn-to-td" #2: ike alg: unable to locate my private key
003 "conn-to-td" #2: empty ISAKMP SA proposal to send (no algorithms for ike selection?)

Then I have found a way to solve the first part of your problem: the private key part. After FreeSwan became OpenSwan and then finally StrongSwan, they created a directory for each kind of file under /etc/ipsec.d. For example, the CA certs are stored in /etc/ipsec.d/cacerts, and the certs you were issued are stored in /etc/ipsec.d/certs. Similarly, you are supposed to store your private key in /etc/ipsec.d/private. What you have probably done is write this in /etc/ipsec.conf:
leftcert=/etc/ipsec.d/private/my_private_key.pem
That points leftcert at the private key, while leftcert expects the certificate. Your /etc/ipsec.conf should instead look like the following:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    plutodebug=all
    plutostderrlog=/var/log/pluto.log
    charonstart=yes
    plutostart=yes


conn host-to-host
    left=
    # leftcert takes the certificate file; a relative name is looked up in /etc/ipsec.d/certs
    leftcert=my_cert.pem
    leftid=my_private_key.pem
    right=
    rightid=
    auto=start
    pfs=no
    rekey=no
    keyingtries=3
After this, run the trusty /etc/init.d/ipsec restart and the private key problem will disappear.
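
A quick check for the mistake described above, as an added example (not part of the original post or of strongSwan itself): the shell functions below flag any leftcert= entry that resolves to a private key, and list key files under private/ that group or others can read. The function names and the sample tree are constructed for illustration; relative leftcert names are assumed to resolve under /etc/ipsec.d/certs.

```shell
#!/bin/sh
# check_leftcert CONF [IPSEC_D]  (hypothetical helper, not a strongSwan tool)
# Prints one finding per leftcert= line; returns non-zero if any entry is wrong.
check_leftcert() {
    conf=$1
    ipsec_d=${2:-/etc/ipsec.d}
    rc=0
    # Extract each leftcert value (optional quote, trailing comment dropped).
    for cert in $(sed -n 's/^[[:space:]]*leftcert[[:space:]]*=[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$conf"); do
        case $cert in
            /*) path=$cert ;;                 # absolute path: used as written
            *)  path=$ipsec_d/certs/$cert ;;  # relative name: looked up under certs/
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING leftcert=$cert ($path)"; rc=1
        elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$path"; then
            echo "PRIVATE-KEY leftcert=$cert"; rc=1
        elif grep -q -e '-----BEGIN CERTIFICATE-----' "$path"; then
            echo "OK leftcert=$cert"
        else
            echo "UNKNOWN leftcert=$cert (not a PEM certificate; check manually)"
        fi
    done
    return $rc
}

# List key files under private/ that group or others can read.
loose_private_keys() {
    find "${1:-/etc/ipsec.d}/private" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Constructed sample tree (placeholder PEM bodies, not real keys or certs).
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/ipsec.d/certs" "$d/ipsec.d/private" || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/ipsec.d/certs/my_cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$d/ipsec.d/private/my_private_key.pem"
    chmod 600 "$d/ipsec.d/private/my_private_key.pem"
    printf 'conn bad\n    leftcert=%s\n' "$d/ipsec.d/private/my_private_key.pem" > "$d/bad.conf"
    printf 'conn good\n    leftcert=my_cert.pem\n' > "$d/good.conf"
    echo "$d"
}

d=$(make_sample_tree)
check_leftcert "$d/bad.conf" "$d/ipsec.d" || true   # the mistake from the post
check_leftcert "$d/good.conf" "$d/ipsec.d"          # the corrected form
```

On a real host, call check_leftcert /etc/ipsec.conf and loose_private_keys with no arguments to use the default /etc/ipsec.d layout.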
