Question

The server is up and running, I can't connect from the Linux machine

Connected Tutorial
This question is a follow-up to this tutorial:

Hello. I have set up the server. I can run the connection on Android with the strongSwan app. However, not on a Debian machine. The command `sudo systemctl start strongswan-starter` does not give any output. After the command `sudo charon-cmd --cert ca-cert.pem …` it gives this info:

```
00[LIB] created TUN device: ipsec0
00[LIB] dropped capabilities, running as uid 0, gid 0
00[DMN] Starting charon-cmd IKE client (strongSwan 5.9.1, Linux 5.10.0-10-amd64, x86_64)
00[LIB] loaded plugins: charon-cmd aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg kernel-libipsec kernel-netlink resolve socket-default bypass-lan eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls xauth-generic
00[LIB] opening 'ca-cert.pem' failed: No such file or directory
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders
00[CFG] loading certificate from 'ca-cert.pem' failed
```

How should I proceed? I would prefer to have the strongSwan connection run automatically from system startup. Please help. W.


Hello,

It looks like the ca-cert.pem certificate file is failing to be loaded.

Can you verify that the certificate is also present in the /etc/ipsec.d/cacerts directory and that it has the correct permissions?

If the certificate is not there, you might have to re-generate the certificates as shown in step 2.

Best,

Bobby
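
The presence and permission check suggested in the answer above, written out as a shell function. This is an added example, not part of the original thread or the tutorial; the function name `check_ca_cert` and its return codes are made up for illustration, and the openssl checks run only if `openssl` is installed.

```shell
#!/bin/sh
# Added example: sanity-check a CA certificate before handing it to strongSwan.
# check_ca_cert and its return codes are hypothetical names for this sketch.
check_ca_cert() {
    cert=$1
    # A relative name such as "ca-cert.pem" is looked up in the current
    # working directory, which is what produces "No such file or directory".
    if [ ! -e "$cert" ]; then
        echo "missing: $cert (cwd is $(pwd))"; return 1
    fi
    if [ ! -r "$cert" ]; then
        echo "not readable by $(id -un): $cert"; return 2
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "no PEM certificate block in $cert"; return 3
    fi
    # The CA file is the trust anchor: nobody but its owner should be able
    # to replace it. Columns 6 and 9 of the mode string are group/other write.
    mode=$(ls -ldL "$cert" | cut -c1-10)
    case $mode in
        ?????w*|????????w*) echo "group/world-writable ($mode): $cert"; return 4 ;;
    esac
    # Deeper checks only when openssl is installed.
    if command -v openssl >/dev/null 2>&1; then
        if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
            echo "openssl cannot parse $cert"; return 5
        fi
        if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
            echo "certificate has expired: $cert"; return 6
        fi
    fi
    echo "ok: $cert ($mode)"
}

# Usage: sh check_ca_cert.sh /etc/ipsec.d/cacerts/ca-cert.pem
if [ "$#" -gt 0 ]; then
    check_ca_cert "$1"
fi
```

Run it once against the path given to `charon-cmd --cert` and once against the copy in `/etc/ipsec.d/cacerts` to see which of the two is the problem.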