IPsec no private key found

Virtual Private Networks IPsec
1

Hi,
I can’t connect to IPsec because it’s not found the private key:

ipsec_1
ipsec_11912×698 132 KB

Private key it’s not FlorinTanasaServici.p12?

Messages from IPfire server:
Server messages

Also look at my setting:
IPsec Setting

With OpenVPN I can connect but the speed is slow it’s less a half from my wire speed.
I run IPfire on Proxmox, but virtual machine have the same speed with wire connection. On OpenVPN I not know why is slow, so now I try IPsec.

Only with IPfire I can run WiFi connection using my wifi onboard card (I have ODYSSEY - X86J4125864 v2) using passthrough PCIe.

Thank you!

2

With respect to the OpenVPN speeds, what processor is the host using and which processor have you chosen for the IPF guest?

3

Hi Nick,
For IPfire,

[root@ipfire ~]# cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 15
model		: 107
model name	: QEMU Virtual CPU version 2.5+
stepping	: 1
microcode	: 0x1
cpu MHz		: 1996.800
cache size	: 16384 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes hypervisor lahf_lm cpuid_fault pti
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown bhi
bogomips	: 3993.60
clflush size	: 64
cache_alignment	: 128
address sizes	: 40 bits physical, 48 bits virtual
power management:

and ODYSSEY - X86J4125864 v2 have Quad-core Intel® Celeron® J4125, more technical info

At speed test, htop in IPfire report for cpu up to 52%:

speed_test
speed_test1920×1080 338 KB

  • Terminal florin@srv is on UbuntuServer running in Proxmox, and the speed is the same with wire connection

  • Terminal florin@laptop is on my laptop connected at IPfire using OpenVPN

  • Test with browser is on my laptop, also connected at IPfire using OpenVPN, where I have 51,7% cpu usage.

I not think the cpu is the problem, UbuntuServer have same processor type, but with two cores, and IPfire have only one.

4

I was just trying to see if the VM has AES instructions available to it and it does seem to. But then it would depend on which OpenVPN algorithms you’d chosen as to whether it the instructions would be used.

5

I have new info,
When I start IPsec service, I see in messages next

ipsec_5
ipsec_51579×556 70.6 KB

id not confirmed by certificate.

Where is the problem?

6

Hi,
For OpenVPN a solution is to down Encryption: AES-CBC-(256 bit) to AES-CBC-(128 bit) and the Hash: SHA2 (512 bit) to SHA2 (256 bit).
Now without OpenVPN I have speed at Download 85,95 Mbps and with OpenVPN I have speed at Download 79,31 Mbps, the CPU load not exceed 50% at VM, so it’s ok now but with less protection (for test I used laptop using wifi connection).
When I found solution for IPsec I post here.