StrongSwan / IPSec - creating CA and server certificates

Hi all,

I’m trying to setup a StrongSwan VPN on my TO.
As a first step after installing Strongswan packages, I tried to generate my own CA certificates with “ipsec pki --gen --type rsa --size 4096 --outform pem > private/strongswan-key.pem” in /etc/ipsec.d/,
but my SSH console always hangs and times out eventually. When I reconnect I can see that a blank strongswan-key.pem file has been created.

Would anyone have any hint where the issue with generating the .pem file could be?

You could run your commands inside screen or tmux if you have connectivity/timeout issues

thanks for an idea. It ran it inside screen, but still the same result.

Somehow I couldn’t make certificates to generate on TO itself, eventually I had to do it externally and copy certificates and keys in respective places to TO.