==== Configurations ====
root@host01:~ # grep host01 /usr/local/etc/swanctl/conf.d/host01-host02.conf
host01-host02 {
root@host01:~ # grep sample-with-ca-cert /usr/local/etc/ipsec.conf
conn sample-with-ca-cert
==== Both strongswan and strongswan_swanctl enabled ====
root@host01:~ # service strongswan start
Starting strongswan.
Starting strongSwan 5.7.1 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
root@host01:~ # ipsec status
Security Associations (0 up, 1 connecting):
sample-with-ca-cert[1]: CONNECTING, 10.0.6.50[%any]...10.0.8.2[%any]
root@host01:~ # service strongswan_swanctl start
/usr/local/etc/rc.d/strongswan_swanctl: WARNING: legacy rc.d/strongswan is enabled? refusing to start rc.d/strongswan_swanctl, only loading swanctl.conf.
loaded certificate from '/usr/local/etc/swanctl/x509/domain-host01-ipsec.crt'
loaded certificate from '/usr/local/etc/swanctl/x509ca/domain-ca-bundle.pem'
loaded private key from '/usr/local/etc/swanctl/private/domain-host01-ipsec.key'
loaded authority 'domain-ca'
successfully loaded 1 authorities, 0 unloaded
no pools found, 0 unloaded
loaded connection 'host01-host02'
successfully loaded 1 connections, 0 unloaded
/usr/local/etc/rc.d/strongswan_swanctl: WARNING: failed precmd routine for strongswan_swanctl
root@host01:~ # ipsec status
Routed Connections:
net-net{1}: ROUTED, TUNNEL, reqid 1
net-net{1}: 10.0.6.51/32 === 10.0.9.3/32
Security Associations (0 up, 1 connecting):
sample-with-ca-cert[1]: CONNECTING, 10.0.6.50[%any]...10.0.8.2[%any]
root@host01:~ # service strongswan reload
Reloading strongSwan IPsec configuration...
root@host01:~ # ipsec status
Routed Connections:
net-net{1}: ROUTED, TUNNEL, reqid 1
net-net{1}: 10.0.6.51/32 === 10.0.9.3/32
Security Associations (0 up, 1 connecting):
sample-with-ca-cert[1]: CONNECTING, 10.0.6.50[%any]...10.0.8.2[%any]
root@host01:~ # service strongswan_swanctl reload
loaded certificate from '/usr/local/etc/swanctl/x509/domain-host01-ipsec.crt'
loaded certificate from '/usr/local/etc/swanctl/x509ca/domain-ca-bundle.pem'
loaded private key from '/usr/local/etc/swanctl/private/domain-host01-ipsec.key'
loaded authority 'domain-ca'
successfully loaded 1 authorities, 0 unloaded
no pools found, 0 unloaded
loaded connection 'host01-host02'
successfully loaded 1 connections, 0 unloaded
root@host01:~ # ipsec status
Routed Connections:
net-net{1}: ROUTED, TUNNEL, reqid 1
net-net{1}: 10.0.6.51/32 === 10.0.9.3/32
Security Associations (0 up, 1 connecting):
sample-with-ca-cert[1]: CONNECTING, 10.0.6.50[%any]...10.0.8.2[%any]
root@host01:~ # service strongswan_swanctl stop
strongswan_swanctl not running? (check /var/run/daemon-charon.pid).
root@host01:~ # service strongswan stop
Stopping strongSwan IPsec...