[strongSwan] swanctl.conf debugging-- fails to load certificates

Stephen Ayotte stephen.ayotte at gmail.com
Thu May 11 20:32:51 CEST 2017

Thanks very much for the response / support here guys, I appreciate it.

@Noel, I'll give the host-to-host example you linked a try, that looks
right on the money.

On Thu, May 11, 2017 at 1:47 PM, Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> > In my defense regarding that load statement, I was working from this example: https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/
> That's a test scenario and you're not supposed to use that anyway. Use configuration examples from here: https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples

I think my problem has been addressed so I'll ring off this thread
after this message, but I think feedback on the first-time-user
experience is valuable and also scarce since each user only gets to be
a first-timer once.

The "Usable Examples"[1] page contains no swanctl examples at all; at
the time I was looking at that I probably lacked sufficient
understanding to see that the ipsec example (probably) represented
what I needed, and I kept looking.

Starting back on the "UserDocumentation"[2] page, I found a "swanctl
configuration examples"[3] link. I then followed the "RSA
authentication with X.509 certificates (IPv4)"[4] link. It was only
after following this final link that the word "test" appeared anywhere
in the text or URLs of the hyperlinks I followed, and I didn't realize
(until you pointed it out) that that was not intended to be a "Usable
Example" in the sense of those on the page you linked.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
[2] https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation
[3] https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlExamples
[4] https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/

Thanks again, I'll start a new thread if I have other problems, but
I'll at least exhaust the UsableExamples section before troubling the
list again :)

More information about the Users mailing list