Hi,

> I've made its cert with --san quantum-equities.com,cygnus.darkmatter.org,
> because the LAN gateway is known outside as quantum-equities.com and the
> IPSec gateway is known in the LAN as cygnus.darkmatter.org.

That syntax is not valid. Just use --san multiple times for each SAN (as the man page for pki --issue indicates).

> I also tried to set --dn "C=US, O=Quantum,
> CN=quantum-equities.com,cygnus.darkmatter.org" -- but strongswan pki wasn't
> having it so I had to settle for just quantum-equities.com.

That's because commas separate RDNs (and `cygnus.darkmatter.org` is no proper RDN) and strongSwan's DN string parser does not support multi-value RDNs.

> # swanctl -L
> # swanctl -l
> (no response, for some reason)

Yes, and that reason is: No config has been loaded. Did you run swanctl --load-conns (-c) or --load-all (-q)?

Regards,
Tobias
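
The corrected invocation described in the reply, as an added example that is not part of the original message: one `--san` per name, a single CN in the DN, and the configuration loaded before listing. The key, CA and output file names and the helper function names are assumptions; the host names and DN prefix are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the original thread. gwKey.pem, caCert.pem,
# caKey.pem and gwCert.pem are hypothetical file names.

# Turn a comma-separated host list into one "--san <name>" pair per name,
# because pki --issue takes a single SAN per --san option.
san_args() {
    old_ifs=$IFS
    IFS=','
    out=''
    for name in $1; do
        # Trim blanks and skip empty items ("a,,b" or a trailing comma).
        name=$(printf '%s' "$name" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        out="${out:+$out }--san $name"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Issue the gateway certificate: one CN in the DN, every name as its own SAN.
# $1 = CN, $2 = comma-separated SAN list.
issue_gateway_cert() {
    # Word splitting of the san_args output is intended here.
    pki --pub --in gwKey.pem |
        pki --issue --cacert caCert.pem --cakey caKey.pem \
            --dn "C=US, O=Quantum, CN=$1" \
            $(san_args "$2") \
            --flag serverAuth --outform pem > gwCert.pem
    # Print the certificate to check its subjectAltName list.
    pki --print --in gwCert.pem
}

# Load the swanctl configuration first; only then does listing show anything.
load_and_list() {
    swanctl --load-all &&
        swanctl --list-conns
}

# Usage (needs strongSwan's pki and swanctl plus the files named above):
#   issue_gateway_cert quantum-equities.com \
#       quantum-equities.com,cygnus.darkmatter.org
#   load_and_list
```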