IKEv2 / IPSec doesn't seem to work with external ECDSA Certificates

  • I have an external certificate authority. I imported the CA/Key and the Server Cert/Key into pfSense.

    I'm fairly certain I have the correct certificate extensions, see attachment.

    Dec 28 15:32:14	charon: 05[ENC] <con1|23> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    Dec 28 15:32:14	charon: 05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    Dec 28 15:32:14	charon: 05[IKE] <con1|23> no private key found for 'vpn.redacted.com'
    Dec 28 15:32:14	charon: 05[IKE] no private key found for 'vpn.redacted.com'
    Dec 28 15:32:14	charon: 05[IKE] <con1|23> peer supports MOBIKE


    If I do an "ipsec listcerts" at the command line, I do not see the "has private key" message. If I switch it to a generated RSA key, I do see the "has private key" message.
    ![Screen Shot 2015-12-28 at 3.41.54 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-28 at 3.41.54 PM.png)


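The check behind strongSwan's "has private key" line, as an added example (this is not code from the post above, nor from pfSense or strongSwan): charon only reports "has private key" for a certificate when it holds a key whose public part matches the certificate's SubjectPublicKeyInfo, so the first thing to verify before blaming extensions is that the ECDSA key and certificate you imported actually belong together. The script assumes the openssl CLI is on PATH; the file names and the P-256 test pair it generates are hypothetical and constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the post or from pfSense/strongSwan): check whether a
# certificate and a private key really belong together. strongSwan's
# "ipsec listcerts" prints "has private key" only when it holds a key whose
# public part matches the certificate, so a mismatched pair is one explanation
# for "no private key found for 'vpn.redacted.com'" followed by AUTH_FAILED.
# Assumes the openssl CLI is on PATH; all file names below are hypothetical.
set -u

# Compare the certificate's SubjectPublicKeyInfo with the public key derived
# from the private key file. Works for ECDSA and RSA alike because both are
# compared in their PEM SPKI encoding.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
keys_match() {
  local cert="$1" key="$2" cert_spki key_spki
  cert_spki=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  key_spki=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  [ "$cert_spki" = "$key_spki" ]
}

# Human-readable verdict in the spirit of "ipsec listcerts"; passes through
# the exit code of keys_match.
describe_pair() {
  local cert="$1" key="$2" rc=0
  keys_match "$cert" "$key" || rc=$?
  case $rc in
    0) echo "$cert: has private key ($key)" ;;
    1) echo "$cert: NO matching private key in $key" ;;
    *) echo "$cert: could not parse certificate or key" ;;
  esac
  return $rc
}

# Constructed fixture: a P-256 key, a self-signed server cert issued from it,
# and a second, unrelated P-256 key to show what a mismatch looks like.
make_fixture() {
  local dir
  dir=$(mktemp -d)
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/good.key" 2>/dev/null
  openssl req -new -x509 -key "$dir/good.key" -days 1 \
    -subj "/CN=vpn.redacted.com" -out "$dir/server.crt" 2>/dev/null
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/other.key" 2>/dev/null
  echo "$dir"
}

# Demo run: one matching pair, one mismatched pair.
fixture=$(make_fixture)
describe_pair "$fixture/server.crt" "$fixture/good.key"  || true
describe_pair "$fixture/server.crt" "$fixture/other.key" || true
```

Run it against the exact files you imported (`keys_match server.crt server.key`). If the pair matches here but charon still logs "no private key found", the problem lies in how the key reached strongSwan on the pfSense box rather than in the certificate and key themselves; if it does not match, no amount of fixing extensions will make "has private key" appear.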