Deprecation Notice¶
Configuration via ipsec.conf, ipsec.secrets, and ipsec.d using the stroke plugin, as well as using the ipsec command, are deprecated.
Please migrate to swanctl.conf and the swanctl command, or using the vici API directly.
For new users, we provide a bunch of quickstart configuration examples.
To help convert existing ipsec.conf files, we provide instructions for migrating them.
ipsec.d¶
strongSwan's /etc/ipsec.d/ directory contains various certificate and CRL files that are loaded by
the keying daemons pluto and charon. The following subdirectories are currently defined:
- private contains RSA and ECDSA private key files
- certs contains X.509 or PGP end entity certificates
- crls contains certificate revocation lists
- cacerts contains trustworthy CA certificates
- ocspcerts contains trustworthy OCSP signer certificates
- aacerts contains trustworthy authorization authority certificates
- acerts contains attribute certificates
- reqs contains PKCS#10 certificate requests