Netgate Discussion Forum

    IKEv2 / IPSec doesn't seem to work with external ECDSA Certificates

    • jsvg

      I have an external certificate authority. I imported the CA/Key and the Server Cert/Key into pfSense.

      I'm fairly certain I have the correct certificate extensions, see attachment.

      Dec 28 15:32:14	charon: 05[ENC] <con1|23> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Dec 28 15:32:14	charon: 05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Dec 28 15:32:14	charon: 05[IKE] <con1|23> no private key found for 'vpn.redacted.com'
      Dec 28 15:32:14	charon: 05[IKE] no private key found for 'vpn.redacted.com'
      Dec 28 15:32:14	charon: 05[IKE] <con1|23> peer supports MOBIKE
      

      If I do an "ipsec listcerts" at the command line, I do not see the "has private key" message. If I switch it to a generated RSA key, I do see the "has private key" message.
      ![Screen Shot 2015-12-28 at 3.41.54 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-28 at 3.41.54 PM.png)

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
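A check that applies to the "no private key found" symptom reported above, as an added example that is not part of the original post: it uses the `openssl` command line to confirm that a private key file belongs to a certificate and to show the certificate's key algorithm and the key file's PEM encoding. The file names in the usage line are hypothetical, and the script does not inspect pfSense or strongSwan configuration.

```shell
#!/bin/sh
# Added example: verify that a private key file belongs to a certificate.
# Paths are supplied by the caller; nothing here reads pfSense or strongSwan state.

# Print the certificate's public key algorithm (e.g. id-ecPublicKey, rsaEncryption).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Print the PEM label of the private key, which shows its encoding:
# "EC PRIVATE KEY" = SEC1, "RSA PRIVATE KEY" = PKCS#1, "PRIVATE KEY" = PKCS#8.
# A leading "EC PARAMETERS" block is skipped; CRLF line endings are tolerated.
key_pem_label() {
    sed -n 's/^-----BEGIN \(.*PRIVATE KEY\)-----.*/\1/p' "$1" | head -n 1
}

# Return 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file cannot be parsed.
# "-passin pass:" keeps openssl from prompting; an encrypted key is reported as unreadable.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print a short report for one certificate/key pair.
check_pair() {
    echo "certificate key algorithm: $(cert_key_alg "$1")"
    echo "private key PEM label:     $(key_pem_label "$2")"
    if key_matches_cert "$1" "$2"; then
        echo "MATCH: private key belongs to certificate"
    else
        echo "MISMATCH or unreadable key"
        return 1
    fi
}

# Usage (hypothetical file names): ./check_pair.sh server.crt server.key
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A MATCH result rules out a mismatched or truncated key file, leaving how the key was imported or loaded as the remaining thing to examine.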