More information...

I read the manual (README.Debian.gz) and realized that RSA keys are
deprecated in favor of certificates.  So I created an RSA key with
"ipsec rsasigkey 2048".  I was then able to use RSA keys again.

But I was still having problems with the certificate created by debconf.
Turns out that the /etc/ipsec.d/private/routerKey.pem file created by
debconf/openssl is not readable by openswan because it is not PKCS#1.
So I had to convert the routerKey.pem into PKCS#1 format with the
following command: "openssl rsa -in routerKey.pem -out temp.pem -outform
DER".  Then I just replaced routerKey.pem with the newly created temp.pem.

So as far as I can tell there is a bug in
/var/lib/dpkg/info/openswan.postinst.  It tries to create a certificate
with "-outform PEM" instead of "-outform DER".

I found my workaround, now I hope I can get my VPNs up using certificates.

Marc
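
Added example, not part of Marc's message or of the openswan package: a Python check that reports the two separate properties of a private key file that the message touches on, its encoding (PEM or DER) and the ASN.1 structure inside it (PKCS#1 or PKCS#8). The sample keys are constructed dummy structures, and every function name here is hypothetical.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def classify_der(der):
    """Tell the ASN.1 structures apart by the tags of their first two fields."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first, _, first_end = read_tlv(der, start)
    if first == 0x30:                      # EncryptedPrivateKeyInfo: AlgorithmIdentifier first
        return "encrypted PKCS#8"
    second, _, _ = read_tlv(der, first_end)
    if first == 0x02 and second == 0x02:   # RSAPrivateKey: version, modulus, ...
        return "PKCS#1"
    if first == 0x02 and second == 0x30:   # PrivateKeyInfo: version, AlgorithmIdentifier
        return "PKCS#8"
    return "unknown"

def classify_key(data):
    """Return (encoding, structure) for the bytes of a private key file."""
    m = PEM_RE.search(data)
    if not m:
        return "DER", classify_der(data)
    if b"Proc-Type:" in m.group(2):        # traditional encrypted PEM: body is ciphertext
        return "PEM", "encrypted (traditional)"
    return "PEM", classify_der(base64.b64decode(b"".join(m.group(2).split())))

# Constructed sample structures with dummy integers (not usable keys).
def der(tag, value):
    return bytes([tag, len(value)]) + value            # short lengths only
def pem(label, body):
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(body), label)
SAMPLE_PKCS1 = der(0x30, der(0x02, b"\x00") + der(0x02, b"\x00\xc1") + der(0x02, b"\x03"))
RSA_OID = der(0x06, bytes.fromhex("2a864886f70d010101"))   # rsaEncryption
SAMPLE_PKCS8 = der(0x30, der(0x02, b"\x00") + der(0x30, RSA_OID + der(0x05, b"")) + der(0x04, SAMPLE_PKCS1))

if __name__ == "__main__":
    print(classify_key(pem(b"PRIVATE KEY", SAMPLE_PKCS8)), classify_key(SAMPLE_PKCS1))
```

To inspect a real file, pass its contents: `classify_key(open(path, "rb").read())`.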


