[strongSwan] swanctl.conf debugging-- fails to load certificates
Stephen Ayotte
stephen.ayotte at gmail.com
Thu May 11 20:32:51 CEST 2017
Thanks very much for the response / support here guys, I appreciate it.
@Noel, I'll give the host-to-host example you linked a try, that looks
right on the money.
On Thu, May 11, 2017 at 1:47 PM, Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>
> > In my defense regarding that load statement, I was working from this example: https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/
>
> That's a test scenario and you're not supposed to use that anyway. Use configuration examples from here: https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
I think my problem has been addressed so I'll ring off this thread
after this message, but I think feedback on the first-time-user
experience is valuable and also scarce since each user only gets to be
a first-timer once.
The "Usable Examples"[1] page contains no swanctl examples at all; at
the time I was looking at that I probably lacked sufficient
understanding to see that the ipsec example (probably) represented
what I needed, and I kept looking.
Starting back on the "UserDocumentation"[2] page, I found a "swanctl
configuration examples"[3] link. I then followed the "RSA
authentication with X.509 certificates (IPv4)"[4] link. It was only
after following this final link that the word "test" appeared anywhere
in the text or URLs of the hyperlinks I followed, and I didn't realize
(until you pointed it out) that that was not intended to be a "Usable
Example" in the sense of those on the page you linked.
[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
[2] https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation
[3] https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlExamples
[4] https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/
Thanks again, I'll start a new thread if I have other problems, but
I'll at least exhaust the UsableExamples section before troubling the
list again :)
More information about the Users
mailing list