Missing support for ECDSA certs


  • I'm currently using strongSwan between two NATed Linux servers for a Site-to-Site VPN configured with ECDSA certificates without any issues. I wanted to try to convert one of the sites' VPN terminations to pfSense, but unfortunately it appears that pfSense doesn't support ECDSA certs.

    Considering I'm using ECDSA certs for the Web GUI and v2.2 switched to using strongSwan, is this a limitation only in the script that writes out the actual IPSec file? Unfortunately I don't know of a way to replace the : RSA line in the ipsec.secrets and restart the IPSec daemon without also causing the file to be replaced.

    Thanks for any help!