2

I'm setting up an IPsec connection between two strongSwan clients using RSA "sigkeys". The documentation says that leftsigkey and rightsigkey are used to provide the public RSA keys for the two participants, but I don't know how to provide the private key for the "left side" participant. The documentation doesn't mention how to do this. Being asymmetric cryptography, the left side needs its private key provided somehow (which is confirmed by the message in the debug log: no RSA private key found for...).

I've scoured the strongSwan documentation, website and the Internet in general and can't find an answer to this or even another mention of this "issue".

How can I provide the private key for the "left side" participant?

I say Reinstate Monica
mgperkow

1 Answer

0

You have to load the private key via ipsec.secrets. Example configurations can be found in e.g. the ikev2/net2net-pubkey or ikev2/net2net-rsa test scenarios (also read ConfigurationExampleNotes).

ecdsa
  • You're quite right. Turns out I had some of my keys in the wrong format. But your response helped me because it allowed me to rule out my concern that I was misconfiguring something. Thank you! – mgperkow Aug 18 '16 at 14:31
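A minimal sketch of the setup the answer describes, added here as an illustration and not taken from the question, the answer or the strongSwan test scenarios: the public keys are referenced from ipsec.conf, and the left side's private key is loaded from ipsec.secrets. The connection name, addresses, IDs and key file names are all assumed placeholders.

```conf
# ---- /etc/ipsec.conf on the left host ----
# Relative key paths in leftsigkey/rightsigkey are resolved against
# /etc/ipsec.d/certs; the files hold raw public keys (PEM, DER or SSH
# encoding), not certificates.
conn net-net
	keyexchange=ikev2
	left=192.0.2.1                  # placeholder address
	leftid=@left.example.org        # placeholder identity
	leftauth=pubkey
	leftsigkey=leftPub.pem          # PUBLIC key of this host
	right=198.51.100.1              # placeholder address
	rightid=@right.example.org      # placeholder identity
	rightauth=pubkey
	rightsigkey=rightPub.pem        # PUBLIC key of the peer
	auto=add

# ---- /etc/ipsec.secrets on the left host ----
# This line is what supplies the PRIVATE key. A relative path is resolved
# against /etc/ipsec.d/private. Without a matching entry the daemon logs
# "no RSA private key found for ...".
: RSA leftKey.pem

# If leftKey.pem is passphrase-protected, the passphrase follows the file name:
# : RSA leftKey.pem "placeholder-passphrase"

# Keep ipsec.secrets and the private key file readable by root only, and run
# "ipsec rereadsecrets" after editing ipsec.secrets on a running daemon.
# The right host mirrors this: it lists its own private key in its own
# ipsec.secrets and never needs a copy of leftKey.pem.
```

The private key loaded here has to be the counterpart of the public key named in leftsigkey, and both files have to be in an encoding strongSwan can parse, which is the key-format problem the asker reports in the comment above.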