Hi, > I've had my certs okey but now (I admit I've not used this tunnel in > long time) this connection fails and it seems due to some cert issues.
Not directly, but it could be related. > But am I right to blame some change in my strongswan package? What can > be the problem? Your config? Old/invalid credentials? In any case, read the log during start up and check for errors. > Here is some log: Not the complete one, though. > 13[CFG] no IDr configured, fall back on IP address > 13[IKE] no priv key found for '172.24.154.202' This means you don't have a local identity (leftid) set and that the daemon falls back to using the IP address as identity (as responder IDr is the local identity). However, for that particular identity no certificate and private key is found. If you configured leftcert and the certificate was loaded successfully the local identity should default to that certificate's subject DN, so maybe the certificate was not loaded. Again, check the log when credentials/configs are loaded for errors. Regards, Tobias