I’m having some trouble trying to use strongswan to connect to a IKEv2 VPN.
I’m getting this error:
charon-nm[38055]: 14[CFG] no issuer certificate found for "C=US, O=Let's Encrypt, CN=R3"
charon-nm[38055]: 14[CFG] issuer is "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
charon-nm[38055]: 14[IKE] no trusted RSA public key found for 'vpn.example.com'
I have downloaded the ISRG Root X1 certificate from Chain of Trust - Let's Encrypt and added it via Network Manager: Network > Settings > SSL Preferences. I still get the same error.
Looks like the certificate is not installed, or strongswan cannot find it. Is there something else I need to do?
My configuration.nix
:
networking.networkmanager = {
enable = true;
enableStrongSwan = true;
};
services.strongswan = {
enable = true;
secrets = [
"ipsec.d/ipsec.nm-l2tp.secrets"
];
};
Would appreciate any help. Thanks