[strongSwan] Host to host with certs - where to put own private key?
kman at fastmail.com
Tue Feb 12 13:54:58 CET 2019
On Tue, Feb 12, 2019, at 3:53 PM, Kostya Vasilyev wrote:
> I'm looking at converting my existing "legacy" host to host
> configuration to new based on:
> My current config (legacy format):
> conn mytunnel
> : RSA newtun_server_1.pem
> I have CA and client and server certs in subdirectories under /etc/
> ipsec.d, it all works.
> My question is - right now the private key of the server's (StrongSwan)
> certificate is required in a *.secrets file. There is no automatic
> loading from /etc/ipsec.d/private.
> Where do you put the private key with the new format? I don't see it in
The right link is:
> And a "meta" - is there any benefit to the "new" format configuration?
> Kostya Vasilyev
> kman at fastmail.com
More information about the Users