Hi, I'm looking at converting my existing "legacy" host-to-host configuration to the new format, based on:
https://www.strongswan.org/testing/testresults/swanctl/host2host-transport/

My current config (legacy format):

newtun.conf

    conn mytunnel
        left=139.0.0.1
        right=%any
        authby=rsasig
        compress=no
        type=transport
        leftprotoport=47/0
        rightprotoport=47/0
        auto=add
        ike=aes128-sha256-modp2048
        esp=aes128-sha256-modp2048
        rightcert=newtun_client_1.pem
        leftcert=newtun_server_1.pem
        dpddelay=30
        dpdtimeout=120
        ikev2=insist

newtun.secrets

    : RSA newtun_server_1.pem

I have CA and client and server certs in subdirectories under /etc/ipsec.d, it all works.

My question is - right now the private key of the server's (StrongSwan) certificate is required in a *.secrets file. There is no automatic loading from /etc/ipsec.d/private.

Where do you put the private key with the new format? I don't see it in swanctl.conf

https://www.strongswan.org/testing/testresults/swanctl/host2host-transport/moon.swanctl.confauth

And a "meta" - is there any benefit to the "new" format configuration?

--
Kostya Vasilyev
[email protected]
