it all looks god to me in the logs, in this case I converted the der to a pem and listed that in the secrets.
Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading secrets Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loading secrets from '/etc/strongswan/ipsec.secrets' Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded RSA private key from '/etc/strongswan/ipsec.d/private/RH7Standard.ConvertedvpnHostPrivateKey.pem ' Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded IKE secret for %any Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded EAP secret for judeo %any Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded EAP secret for judeo %any Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded IKE secret for judeo %any Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading ca certificates from '/etc/strongswan/ipsec.d/cacerts' Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded ca certificate "C=US, O=BSI, CN=RH7Standard.blansys.com" from '/etc/strongswan/ipsec.d/cacerts/RH7Standard.SelfSigned.CA.cert.strongswanC ert.der' Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] loaded ca certificate "C=US, O=BSI, CN=RH7Standard.blansys.com" from '/etc/strongswan/ipsec.d/cacerts/RH7Standard.Converted.SelfSigned.CA.cert.p em' Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] rereading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts' Apr 26 10:53:52 RH7Standard strongswan: 10[LIB] opening directory '/etc/strongswan/ipsec.d/ocspcerts' failed: No such file or directory Apr 26 10:53:52 RH7Standard strongswan: 10[CFG] reading directory failed The command I used to create the original .der was this: strongswan pki --gen --type rsa --size 2048 --outform der > ipsec.d/private/RH7Standard.vpnHostPrivateKey.der ________________________________________ Jude Oliver Support 1100 Poydras St. Suite 1230 New Orleans, LA 70163 Main Office: 504-529-8869 [email protected] www.blanchardsystems.com <http://www.blanchardsystems.com/> ----------------------------------------------------- Join Blanchard Systems 2016 Tips and Tricks Training Webinars Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training webinars. Click Here <http://www.blanchardsystems.com/events/> to view the schedule and register for one of our upcoming events. On 4/26/16, 11:01 AM, "Tobias Brunner" <[email protected]> wrote: >> Yes, my ipsec.secrets contains this line: >> : RSA RH7Standard.vpnHostPrivateKey.der >> >> Do I need to convert it to a .pem format? > >No, but you should check in the log whether it is successfully loaded >when the daemon is started. > >Regards, >Tobias > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
