Public key authentication with strongswan

I have two systems, r1 and r2, and I want to set up an ESP tunnel between them with Strongswan using public key authentication. I have generated the public keys with openssl on both systems and stored them in r1-pub.pem and r2-pub.pem respectively.

Right now my ipsec.conf on system r1 looks like this:

    conn host-host-rsa
        left=1.1.1.1
        leftsubnet=192.168.10.0/24
        leftid=@moon.strongswan.org
        leftauth=pubkey
        leftrsasigkey=/root/r1-pub.pem
        right=2.2.2.2
        rightsubnet=192.168.20.0/24
        rightid=@sun.strongswan.org
        rightauth=pubkey
        rightrsasigkey=/root/r2-pub.pem
        type=tunnel
        auto=add

And on system r2 the configuration is:

    conn host-host-rsa
        left=2.2.2.2
        leftsubnet=192.168.20.0/24
        leftid=@sun.strongswan.org
        leftauth=pubkey
        leftrsasigkey=/root/r2-pub.pem
        right=1.1.1.1
        rightsubnet=192.168.10.0/24
        rightid=@moon.strongswan.org
        rightauth=pubkey
        rightrsasigkey=/root/r1-pub.pem
        type=tunnel
        auto=add

Now when I start ipsec on r1 I get this error:

    Starting strongSwan 5.1.2 IPsec [starter]...
    00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-32-generic, x86_64)
    00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
    00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
    00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
    00[CFG] loading crls from '/etc/ipsec.d/crls'
    00[CFG] loading secrets from '/etc/ipsec.secrets'
    00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
    00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
    00[LIB] dropped capabilities, running as uid 0, gid 0
    00[JOB] spawning 16 worker threads
    charon (607) started after 300 ms
    04[CFG] received stroke: add connection 'host-host-rsa'
    04[LIB] building CRED_CERTIFICATE - TRUSTED_PUBKEY failed, tried 0 builders
    04[CFG] loading public key for "moon.strongswan.org" from '/root/r1-pub.pem' failed
    04[LIB] building CRED_CERTIFICATE - TRUSTED_PUBKEY failed, tried 0 builders
    04[CFG] loading public key for "sun.strongswan.org" from '/root/r2-pub.pem' failed
    04[CFG] added configuration 'host-host-rsa'

I don't know why this public key loading error is happening. Any help would be appreciated.

You need the pubkey plugin to use raw public keys. If you specified charon.load in strongswan.conf, make sure that plugin is included in the list. If you haven't, then either you didn't build the plugin, or your distribution doesn't ship it. In either case you'll have to rebuild strongSwan from source with the appropriate ./configure options.
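As an added example (not part of the question or the answer above), a POSIX shell script that performs the check the answer describes: it parses the `loaded plugins:` line from the charon log quoted in the question to see whether `pubkey` is among the loaded plugins, checks a strongswan.conf `charon.load` list for the same name, and, only when the `ipsec` tool is installed, asks the running daemon. The two strongswan.conf snippets are constructed for the example, and the assumption that `ipsec listplugins` starts each plugin's entry with its name followed by a colon is mine, not something the page states.

```shell
#!/bin/sh
# Added example (not from the original post): diagnose the
# "building CRED_CERTIFICATE - TRUSTED_PUBKEY failed, tried 0 builders"
# error. Raw public keys referenced via leftrsasigkey=/rightrsasigkey=
# need the pubkey plugin, which provides the TRUSTED_PUBKEY builder.

# Constructed sample input: the "loaded plugins" line quoted in the question.
SAMPLE_LOG='00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock'

# Constructed strongswan.conf snippets (assumed content, not the asker's file):
# an explicit charon.load list that omits pubkey, and one that includes it.
SAMPLE_CONF_BAD='charon {
    load = aes sha1 sha2 md5 random nonce x509 pem pkcs1 openssl kernel-netlink socket-default stroke updown
}'
SAMPLE_CONF_GOOD='charon {
    load = aes sha1 sha2 md5 random nonce x509 pem pkcs1 pubkey openssl kernel-netlink socket-default stroke updown
}'

# loaded_plugins LOGLINE: print the plugin names from a charon
# "loaded plugins:" log line, one per line.
loaded_plugins() {
    printf '%s\n' "$1" | sed -n 's/.*loaded plugins: *//p' | tr ' ' '\n' | sed '/^$/d'
}

# log_has_plugin LOGLINE NAME: exit 0 if charon reported NAME as loaded.
log_has_plugin() {
    loaded_plugins "$1" | grep -qx -- "$2"
}

# conf_load_list CONF: print the charon.load list from strongswan.conf text,
# one name per line; prints nothing if no "load =" line is present.
conf_load_list() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*load[[:space:]]*=[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d'
}

# conf_loads_plugin CONF NAME: exit 0 if charon.load is unset (charon then
# loads every installed plugin it can) or explicitly lists NAME.
conf_loads_plugin() {
    _list=$(conf_load_list "$1")
    [ -z "$_list" ] && return 0
    printf '%s\n' "$_list" | grep -qx -- "$2"
}

# raw_pubkey_ok LOGLINE: the condition behind the asker's error, read from
# the daemon's own startup log.
raw_pubkey_ok() {
    log_has_plugin "$1" pubkey
}

# live_pubkey_check: query the running daemon (needs root and a running
# charon). The "<name>:" line format of 'ipsec listplugins' is assumed.
live_pubkey_check() {
    command -v ipsec >/dev/null 2>&1 || { echo "ipsec tool not found" >&2; return 2; }
    ipsec listplugins | grep -q '^pubkey:'
}

# Offline run against the log line from the question.
if raw_pubkey_ok "$SAMPLE_LOG"; then
    echo "pubkey plugin loaded: raw public keys (leftrsasigkey=) are usable"
else
    echo "pubkey plugin NOT loaded: leftrsasigkey=/rightrsasigkey= will fail with 'TRUSTED_PUBKEY failed, tried 0 builders'"
fi
```

Run against the log in the question the script reports the plugin as missing, which is exactly why both public keys fail to load; a charon that has the plugin lists `pubkey` on its `loaded plugins:` line, and a strongswan.conf that sets `charon.load` must name it there or the daemon will not load it even when it is installed.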