IPSec Failed to Get Private Key

Hi,

I’m failing to configure IPSec on Mikrotik v5.24, with the following log.

03:28:40 ipsec,debug 2 has no key file?!
03:28:40 ipsec,debug failed to get private key.
03:28:40 ipsec,debug failed to process packet.
03:28:40 ipsec,debug phase1 negotiation failed.

But when I list the certificates, I can see the “KR” flag on the certificate used (the Mrxlazuardin certificate), as shown below.

[admin@MK-28] > certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 name="Diskominfo-CA" subject=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo
issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo
serial-number="B38F47BD4F959744" invalid-before=may/28/2013 18:34:44
invalid-after=may/27/2016 18:34:44 ca=yes

1 name="Diskominfo"
subject=C=ID,ST=West Java,L=Bandung,O=Diskominfo,OU=VPN,CN=Diskominfo
issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo
serial-number="B38F47BD4F959745" invalid-before=may/28/2013 18:43:32
invalid-after=may/28/2014 18:43:32 ca=no

2 KR name="Mrxlazuardin"
subject=C=ID,ST=West Java,L=Bandung,O=Mrxlazuardin,CN=Mrxlazuardin
issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo
serial-number="B38F47BD4F959746" invalid-before=may/28/2013 19:35:33
invalid-after=may/28/2014 19:35:33 ca=no

I have set Mrxlazuardin as “Certificate” and Diskominfo as “Remote Certificate” in the IPSec Peer configuration with RSA Signature mode. Diskominfo-CA is the CA certificate. What have I missed?

Best regards,

I had the same problem these many years later.

a) Make sure you have imported the key and the certificate; in System/Certificates it should show KT in the second column.

b) Make sure you selected the right certificate in the IPSec peer settings. You should have the private key for “certificate” and only the public key for “remote certificate”.
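Checks (a) and (b) from the reply above can be run against saved `certificate print` output. This is an added example, not part of the original thread or of any MikroTik tooling: the function names are hypothetical, the sample listing is modelled on the one in the question, and reading Q without K as "key imported but not decrypted" is an assumption taken from the flag legend.

```python
import re

# Constructed sample, modelled on the `certificate print` listing in the
# question (serial and validity fields omitted).
SAMPLE = '''\
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
 0    name="Diskominfo-CA" subject=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo
      issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo ca=yes

 1    name="Diskominfo"
      issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo ca=no

 2 KR name="Mrxlazuardin"
      issuer=C=ID,ST=West Java,O=Diskominfo,OU=CA,CN=Diskominfo ca=no
'''

# A record starts with its index, an optional run of flag letters, then name="..."
RECORD = re.compile(r'^\s*(\d+)\s+(?:([A-Z]+)\s+)?name="([^"]+)"')

def parse_certificates(listing):
    """Return {certificate name: set of flag letters} for each record."""
    certs = {}
    for line in listing.splitlines():
        m = RECORD.match(line)
        if m:
            certs[m.group(3)] = set(m.group(2) or "")
    return certs

def check_peer(certs, certificate, remote_certificate):
    """Return a list of problems with an IPSec peer's certificate selection."""
    problems = []
    for role, name in (("certificate", certificate),
                       ("remote-certificate", remote_certificate)):
        if name not in certs:
            problems.append(f"{role} {name!r} is not in the certificate store")
    flags = certs.get(certificate, set())
    if certificate in certs and "K" not in flags:
        # Assumption from the legend: Q alone means the key is still encrypted.
        detail = ("key imported but not decrypted" if "Q" in flags
                  else "no private key imported")
        problems.append(f"certificate {certificate!r}: {detail}")
    if certs.get(remote_certificate, set()) & {"K", "Q"}:
        problems.append(f"remote-certificate {remote_certificate!r} carries a private key")
    if certificate == remote_certificate:
        problems.append("certificate and remote-certificate are the same entry")
    return problems
```
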