IKEv2 / IPSec doesn't seem to work with external ECDSA Certificates
I have an external certificate authority. I imported the CA/Key and the Server Cert/Key into pfsense.
I'm fairly certain I have the correct certificate extensions, see attachment.
```
Dec 28 15:32:14 charon: 05[ENC] <con1|23> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec 28 15:32:14 charon: 05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec 28 15:32:14 charon: 05[IKE] <con1|23> no private key found for 'vpn.redacted.com'
Dec 28 15:32:14 charon: 05[IKE] no private key found for 'vpn.redacted.com'
Dec 28 15:32:14 charon: 05[IKE] <con1|23> peer supports MOBIKE
```
If I run "ipsec listcerts" at the command line, I do not see the "has private key" message. If I switch to a generated RSA key, I do see the "has private key" message.
![Screen Shot 2015-12-28 at 3.41.54 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-28 at 3.41.54 PM.png)
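Added example, not from the original post and not pfSense or strongSwan code: a small openssl script that builds a throwaway ECDSA CA and server certificate, and then checks whether a server certificate and the private key you are about to import actually belong together. A certificate whose private key does not match (or whose key is in an encoding the importer did not parse) is the plain-vanilla reason for charon reporting "no private key found" and for "ipsec listcerts" omitting "has private key", so it is worth ruling out before digging into extensions. The hostname vpn.example.test, the file names, the curve and the validity period are all assumptions made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post or from pfSense/strongSwan):
# build a throwaway ECDSA CA and server certificate with openssl, then verify
# that certificate and private key carry the same public key. Hostname, file
# names, curve and validity are assumptions chosen for this example only.
set -e

WORK="${WORK:-$(mktemp -d)}"
HOST="${HOST:-vpn.example.test}"   # assumed identity; replace with your own

make_ecdsa_pki() {
  cd "$WORK"
  # CA key and self-signed CA certificate on P-256.
  openssl ecparam -name prime256v1 -genkey -noout -out ca.key
  openssl req -x509 -new -key ca.key -sha256 -days 365 \
    -subj "/CN=Example ECDSA CA" -out ca.crt

  # Server key (SEC1 "EC PRIVATE KEY" form, as ecparam emits it) and CSR.
  openssl ecparam -name prime256v1 -genkey -noout -out server.key
  openssl req -new -key server.key -subj "/CN=$HOST" -out server.csr

  # Extensions normally expected on an IKEv2 responder certificate:
  # serverAuth EKU and a DNS SAN equal to the identity clients connect to.
  cat > server.ext <<EOF
basicConstraints=CA:FALSE
keyUsage=digitalSignature
extendedKeyUsage=serverAuth
subjectAltName=DNS:$HOST
EOF
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 365 -extfile server.ext -out server.crt
}

# Re-encode a private key as PKCS#8 ("PRIVATE KEY"), the other form an
# external CA may hand you. Both forms must pass key_matches_cert below.
to_pkcs8() {
  openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

# First line of a PEM file: tells you which private-key encoding you have.
key_pem_label() {
  head -n 1 "$1"
}

# Returns 0 iff the certificate's SubjectPublicKeyInfo equals the public key
# derived from the private key, regardless of which PEM encoding the key uses.
key_matches_cert() {
  cert="$1"; key="$2"
  pub_from_cert=$(openssl x509 -in "$cert" -noout -pubkey \
                  | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  pub_from_key=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
  [ "$pub_from_cert" = "$pub_from_key" ]
}

# Print the SAN and EKU actually present in a certificate.
show_ikev2_ext() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 -E 'Subject Alternative Name|Extended Key Usage'
}
```

Usage: source the script, run make_ecdsa_pki once to get a known-good pair under "$WORK", then point key_matches_cert at your own server certificate and the exact key file you pasted into the import form. If it returns non-zero, charon was never going to find a private key for that certificate, whatever the extensions say; if it passes for the file but the key is in one PEM encoding and the known-good pair is in the other (compare key_pem_label on both), the encoding is the next thing to look at.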