Hi Udo, > The private keyfile is loaded, but the keys cannot be found. I double > checked that the keyfile matches the certificate.
Loading the private key has no effect as long as connections are not associated with a certificate (or raw public key) that matches it. For ipsec.conf, you have to do that explicitly via leftcert (or leftsigkey). With swanctl.conf, certificates may also be loaded independently and associated to the connection via identity. Regards, Tobias
