openswan on sles: invalid_id_information
I would like to establish an ipsec connection with openswan on two SLES VMware images (end-to-end, with certificates).
Whatever I try I always get the following errors in the logs:
...
unable to locate my private key for RSA signature
...
...
Main mode peer ID is ID_DER_ASN1_DN: 'C=...'
no crl from issuer "C=..."
no suitable connection for peer 'C=...'
sending encrypted notification INVALID_ID_INFORMATION to ...
The ipsec.conf:
config setup
    plutowait=yes

conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn A-B
    left=192.168.124.50
    leftid="C=DE, ... , CN=A.mydomain.com"
    leftsubnet=
    leftnexthop=%direct
    right=192.168.124.56
    rightid="C=De, ... , CN=B.mydomain.com"
    rightcert=/etc/ipsec.d/certs/B_cert.pem
    rightsubnet=
    rightnexthop=%direct
    auto=start

I copied the private keys of the certificates on each server to
/etc/ipsec.d/private/
I verified that the data inserted in ipsec.conf for "leftid" and "rightid"
are identical to the content of the subjects of the server certificates.
Does anyone have an idea how to solve this?