4. IKEv2 / IPSec doesn't seem to work with external ECDSA Certificates

IKEv2 / IPSec doesn't seem to work with external ECDSA Certificates

  • J

    I have an external certificate authority. I imported the CA/Key and the Server Cert/Key into pfsense.

    I'm fairly certain I have the correct certificate extensions, see attachment.

    Dec 28 15:32:14	charon: 05[ENC] <con1|23> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec 28 15:32:14	charon: 05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec 28 15:32:14	charon: 05[IKE] <con1|23> no private key found for 'vpn.redacted.com'
Dec 28 15:32:14	charon: 05[IKE] no private key found for 'vpn.redacted.com'
Dec 28 15:32:14	charon: 05[IKE] <con1|23> peer supports MOBIKE</con1|23></con1|23></con1|23>

    If I do a "ipsec listcerts" at the command line, I do not see the "has private key" message. If I switch it to a generated RSA key, I do see the "has private key" message.
    ![Screen Shot 2015-12-28 at 3.41.54 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-28 at 3.41.54 PM.png)
    ![Screen Shot 2015-12-28 at 3.41.54 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-12-28 at 3.41.54 PM.png_thumb)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy