Да, спасибо, точно, чего-то я ступил.
Но подключится не может все равно... так как при запуске выводятся ошибки на resolvconf и что-то еще(((
[test@host-15 ~]$ sudo strongswan up CP
initiating IKE_SA CP[2] to 91.230.191.237
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
sending packet: from 10.0.2.15[500] to 91.230.191.237[500] (1400 bytes)
received packet: from 91.230.191.237[500] to 10.0.2.15[500] (501 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_S_IP) N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
local host is behind NAT, sending keep alives
received 1 cert requests for an unknown ca
establishing CHILD_SA CP{2}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 10.0.2.15[4500] to 91.230.191.237[4500] (464 bytes)
received packet: from 91.230.191.237[4500] to 10.0.2.15[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
received end entity cert "O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate"
using trusted certificate "O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate"
no issuer certificate found for "O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate"
issuer is "O=SMS-VM-test..jmpg2k"
reached end of incomplete trust chain for trusted certificate "O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate"
authentication of '91.230.191.237' with RSA signature successful
server requested EAP_IDENTITY (id 0x66), sending 'o.rudakov'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 10.0.2.15[4500] to 91.230.191.237[4500] (96 bytes)
received packet: from 91.230.191.237[4500] to 10.0.2.15[4500] (80 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/GTC ]
server requested EAP_GTC authentication (id 0x67)
generating IKE_AUTH request 3 [ EAP/RES/GTC ]
sending packet: from 10.0.2.15[4500] to 91.230.191.237[4500] (96 bytes)
received packet: from 91.230.191.237[4500] to 10.0.2.15[4500] (80 bytes)
parsed IKE_AUTH response 3 [ EAP/SUCC ]
EAP method EAP_GTC succeeded, no MSK established
authentication of 'O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate' (myself) with EAP
generating IKE_AUTH request 4 [ AUTH ]
sending packet: from 10.0.2.15[4500] to 91.230.191.237[4500] (112 bytes)
received packet: from 91.230.191.237[4500] to 10.0.2.15[4500] (720 bytes)
parsed IKE_AUTH response 4 [ AUTH N(CRASH_DET) CPRP(ADDR DNS DNS DNS) SA TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
authentication of '91.230.191.237' with EAP successful
installing DNS server 192.168.1.216 via resolvconf
resolvconf: /sbin/resolvconf: line 304: sd_booted: command not found
installing DNS server 192.168.1.92 via resolvconf
resolvconf: /sbin/resolvconf: line 304: sd_booted: command not found
installing DNS server 192.168.1.4 via resolvconf
resolvconf: /sbin/resolvconf: line 304: sd_booted: command not found
installing new virtual IP 10.12.22.144
IKE_SA CP[2] established between 10.0.2.15[O=SMS-VM-test..jmpg2k, CN=ClusterVPN VPN Certificate]...91.230.191.237[91.230.191.237]
scheduling reauthentication in 3395s
maximum IKE_SA lifetime 3575s
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
can't install route for 10.12.22.144/32 === 91.230.191.237/32 out, conflicts with IKE traffic
unable to install IPsec policies (SPD) in kernel
failed to establish CHILD_SA, keeping IKE_SA
sending DELETE for ESP CHILD_SA with SPI 391e71d8
generating INFORMATIONAL request 5 [ D ]
sending packet: from 10.0.2.15[4500] to 91.230.191.237[4500] (80 bytes)
received packet: from 91.230.191.237[4500] to 10.0.2.15[4500] (80 bytes)
parsed INFORMATIONAL response 5 [ ]
establishing connection 'CP' failed
[test@host-15 ~]$
Если что сертификат установлен согласно инструкции в /etc/strongswan/ipsec.d/certs/