IKEv2 connection failed

I received a response from support, and they finally gave me a key. Now the question is how to combine rsa private key with a certificate? When I tried to do it myself, I failed. I also want to provide all the certificates here (they are openly available and everyone can download them, so I don't see anything criminal here) (I followed this instruction https://forum.goldenfrog.com/t/aes-ni-gcm-support/824/6)

/etc/ipsec.d/cacerts/goldenfrog-ca.crt (I downloaded this certificate from this link https://support.vyprvpn.com/hc/en-us/articles/360041273371-Where-can-I-find-your-CA-certificate-)

-----BEGIN CERTIFICATE-----
MIIGDjCCA/agAwIBAgIJAL2ON5xbane/MA0GCSqGSIb3DQEBDQUAMIGTMQswCQYD
VQQGEwJDSDEQMA4GA1UECAwHTHVjZXJuZTEPMA0GA1UEBwwGTWVnZ2VuMRkwFwYD
VQQKDBBHb2xkZW4gRnJvZyBHbWJIMSEwHwYDVQQDDBhHb2xkZW4gRnJvZyBHbWJI
IFJvb3QgQ0ExIzAhBgkqhkiG9w0BCQEWFGFkbWluQGdvbGRlbmZyb2cuY29tMB4X
DTE5MTAxNzIwMTQxMFoXDTM5MTAxMjIwMTQxMFowgZMxCzAJBgNVBAYTAkNIMRAw
DgYDVQQIDAdMdWNlcm5lMQ8wDQYDVQQHDAZNZWdnZW4xGTAXBgNVBAoMEEdvbGRl
biBGcm9nIEdtYkgxITAfBgNVBAMMGEdvbGRlbiBGcm9nIEdtYkggUm9vdCBDQTEj
MCEGCSqGSIb3DQEJARYUYWRtaW5AZ29sZGVuZnJvZy5jb20wggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCtuddaZrpWZ+nUuJpG+ohTquO3XZtq6d4U0E2o
iPeIiwm+WWLY49G+GNJb5aVrlrBojaykCAc2sU6NeUlpg3zuqrDqLcz7PAE4OdNi
OdrLBF1o9ZHrcITDZN304eAY5nbyHx5V6x/QoDVCi4g+5OVTA+tZjpcl4wRIpgkn
WznO73IKCJ6YckpLn1BsFrVCb2ehHYZLg7Js58FzMySIxBmtkuPeHQXL61DFHh3c
TFcMxqJjzh7EGsWRyXfbAaBGYnT+TZwzpLXXt8oBGpNXG8YBDrPdK0A+lzMnJ4nS
0rgHDSRF0brx+QYk/6CgM510uFzB7zytw9UTD3/5TvKlCUmTGGgI84DbJ3DEvjxb
giQnJXCUZKKYSHwrK79Y4Qn+lXu4Bu0ZTCJBje0GUVMTPAvBCeDvzSe0iRcVSNMJ
VM68d4kD1PpSY/zWfCz5hiOjHWuXinaoZ0JJqRF8kGbJsbDlDYDtVvh/Cd4aWN6Q
/2XLpszBsG5i8sdkS37nzkdlRwNEIZwsKfcXwdTOlDinR1LUG68LmzJAwfNE47xb
rZUsdGGfG+HSPsrqFFiLGe7Y4e2+a7vGdSY9qR9PAzyx0ijCCrYzZDIsb2dwjLct
Ux6a3LNV8cpfhKX+s6tfMldGufPI7byHT1Ybf0NtMS1d1RjD6IbqedXQdCKtaw68
kTX//wIDAQABo2MwYTAdBgNVHQ4EFgQU2EbQvBd1r/EADr2jCPMXsH7zEXEwHwYD
VR0jBBgwFoAU2EbQvBd1r/EADr2jCPMXsH7zEXEwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQENBQADggIBAAViCPieIronV+9asjZy
o5oSZSNWUkWRYdezjezsf49+fwT12iRgnkSEQeoj5caqcOfNm/eRpN4G7jhhCcxy
9RGF+GurIlZ4v0mChZbx1jcxqr9/3/Z2TqvHALyWngBYDv6pv1iWcd9a4+QL9kj1
Tlp8vUDIcHMtDQkEHnkhC+MnjyrdsdNE5wjlLljjFR2Qy5a6/kWwZ1JQVYof1J1E
zY6mU7YLMHOdjfmeci5i0vg8+9kGMsc/7Wm69L1BeqpDB3ZEAgmOtda2jwOevJ4s
ABmRoSThFp4DeMcxb62HW1zZCCpgzWv/33+pZdPvnZHSz7RGoxH4Ln7eBf3oo2PM
lu7wCsid3HUdgkRf2Og1RJIrFfEjb7jga1JbKX2Qo/FH3txzdUimKiDRv3ccFmEO
qjndUG6hP+7/EsI43oCPYOvZR+u5GdOkhYrDGZlvjXeJ1CpQxTR/EX+Vt7F8YG+i
2LkO7lhPLb+LzgPAxVPCcEMHruuUlE1BYxxzRMOW4X4kjHvJjZGISxa9lgTY3e0m
noQNQVBHKfzI2vGLwvcrFcCIrVxeEbj2dryfByyhZlrNPFbXyf7P4OSfk+fVh6Is
1IF1wksfLY/6gWvcmXB8JwmKFDa9s5NfzXnzP3VMrNUWXN3G8Eee6qzKKTDsJ70O
rgAx9j9a+dMLfe1vP5t6GQj5
-----END CERTIFICATE-----

/etc/ipsec.d/certs/goldenfrog-client.crt (i download this here (https://support.vyprvpn.com/hc/en-us/articles/360038093771-VyprVPN-IKEv2-Setup-for-Windows-Phone-8-1)

Bag Attributes
    localKeyID: 5F D4 53 C1 E0 DA E6 87 3A 9D 74 9C A4 5C F3 3A 8F 89 44 26 
subject=C = CH, ST = Lucerne, L = Meggen, O = Golden Frog GmbH, CN = goldenfrog-client, emailAddress = admin@goldenfrog.com
issuer=C = CH, ST = Lucerne, L = Meggen, O = Golden Frog GmbH, CN = VyprVPN Intermediate CA, emailAddress = admin@goldenfrog.com
-----BEGIN CERTIFICATE-----
MIIHGzCCBQOgAwIBAgICEQcwDQYJKoZIhvcNAQENBQAwgZIxCzAJBgNVBAYTAkNI
MRAwDgYDVQQIDAdMdWNlcm5lMQ8wDQYDVQQHDAZNZWdnZW4xGTAXBgNVBAoMEEdv
bGRlbiBGcm9nIEdtYkgxIDAeBgNVBAMMF1Z5cHJWUE4gSW50ZXJtZWRpYXRlIENB
MSMwIQYJKoZIhvcNAQkBFhRhZG1pbkBnb2xkZW5mcm9nLmNvbTAeFw0yMDA0MTQy
MTQ5MzVaFw0zMDA0MTIyMTQ5MzVaMIGMMQswCQYDVQQGEwJDSDEQMA4GA1UECAwH
THVjZXJuZTEPMA0GA1UEBwwGTWVnZ2VuMRkwFwYDVQQKDBBHb2xkZW4gRnJvZyBH
bWJIMRowGAYDVQQDDBFnb2xkZW5mcm9nLWNsaWVudDEjMCEGCSqGSIb3DQEJARYU
YWRtaW5AZ29sZGVuZnJvZy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQC5I2oVYzUZh5hFcUTyfOKqv/6zZ17uii6DukQ7B+iQkFfFqrSnbqpAnIdD
TpisRxzYpO68ME3mt/Zgm5gP1lAFEhv3DZm6vz89AKuzu1b49tkxbZB4M6/7BUHD
02Xsw/RGkOnVfzxqTf0Q/qQTr7JcX6TngAnKFAjYC5Drp4Rr9NkK9xu/JYUNkk5D
QsjQFBTKfvdpIK2ztEcvvRsWB2A7xviBNk5/P4/KxNudrUyfMdpnNFOxvV8rRCDL
dUi/qDhGpB6H60d3aXZu2VLmAb9Lv55hKaKzDkbAMhxjz/CW1Vh0LUobd2AUIZGZ
ldURprV5bIFcgVE9YxgFcc29ndWkPzUk/+J/XPZSYXczKewe7KgPqr2qRvcRL8YP
eGv/zJeJqcpsaqHTQHyM3BMPU8ZPg6KwuDwWhS5vaMr80qOad2LTJyZfy/7/Jwuh
v1k5SVg/zcqYwaW8nzoX1jRx0fh3y+YiwAdoBmg9F7re7X4tMMIEohtvRlb9SpLH
SErZlOus026WawqMNpflYH09rU8D6wC80N3pWIBnN7Oty1GI2No4LyYalMSKMVvk
hxcwgfvSMpK+L9W8BCTcrEQLJBoSHgBk0Oee2Ruh9710ddrTHTMSIHwv2b93eMzX
LRgzYbQhQB+QnfCxZsp8h2W9nY8Li/u1pbbb9ORfaFLpWHKHWwIDAQABo4IBfTCC
AXkwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYW
JE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
wUDqTEfPuVhcaJslDqftaFHVuvswgcEGA1UdIwSBuTCBtoAUhs9h3XalodsiCBS9
xFrHXtYbZl2hgZmkgZYwgZMxCzAJBgNVBAYTAkNIMRAwDgYDVQQIDAdMdWNlcm5l
MQ8wDQYDVQQHDAZNZWdnZW4xGTAXBgNVBAoMEEdvbGRlbiBGcm9nIEdtYkgxITAf
BgNVBAMMGEdvbGRlbiBGcm9nIEdtYkggUm9vdCBDQTEjMCEGCSqGSIb3DQEJARYU
YWRtaW5AZ29sZGVuZnJvZy5jb22CAhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE
DDAKBggrBgEFBQcDATAcBgNVHREEFTATghFnb2xkZW5mcm9nLWNsaWVudDANBgkq
hkiG9w0BAQ0FAAOCAgEAa28J4T+qTnMCGmDgMVEOl5yKUqkILUOE5lo9171HkJ0n
laFY3+28YKKTR6bq0pGFmzYXZw6xaJRKsscj3J5O2E90SCOwt4Sa6J9Nsr4XiFBT
v6A4/hPSB1llQ3M4bK1N0rS/Xi9ceR2ls+4FR740/E073icRKZhdjE8FAmywdTEh
wik7qbjrZY+LdARE6Vgg8zGmRi+0Gm+X3QAspqk7raMkmahyd10iWKaTHEgTZ3CK
o9xjh6iFkQV13ROIfkLyik5AJIundP6wusZkUG/NhDMNsftI30yqsCj5n25ZeQb8
saeBG2OOIGa/S4zWQzQqygq9M5DaLy29XpYpuNe5Y2lz3l9CiUcsgiCNq0SyxwkT
yS2B3npP4KdM4x6TS5Bjtl3Rwo95PNRo2N9k21dg7yC2XYr4Y8LY5l1EhKDoI1Wf
QlEkjmzCTyY5I8OG52yu6wIZo1kfs14MhB3cEszu4RH7zvw+qpwlISJS6NBYy6y8
7cyU5LwLtXH7cqBN9AzSqHiV1/Mxl4DpwsyVfl+UTWLIeNMM5g3RN/yJxcj1jwmv
3aoN1rDoyIIlwZtneUTID1M9T7BLZi58JFNYSloyfuSPuzWbQ7GRLmcgD8JbM9W/
H9VLYZd3BBh3Sjdy3e3uzzGdLTVCEyUmm8+3ZOWCU5fUWvOtp0gOX/nHZ/RZuow=
-----END CERTIFICATE-----

/etc/ipsec.d/private/goldenfrog-client.key (i download this here (https://support.vyprvpn.com/hc/en-us/articles/360038093771-VyprVPN-IKEv2-Setup-for-Windows-Phone-8-1)

Bag Attributes
    localKeyID: 5F D4 53 C1 E0 DA E6 87 3A 9D 74 9C A4 5C F3 3A 8F 89 44 26 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC5I2oVYzUZh5hF
cUTyfOKqv/6zZ17uii6DukQ7B+iQkFfFqrSnbqpAnIdDTpisRxzYpO68ME3mt/Zg
m5gP1lAFEhv3DZm6vz89AKuzu1b49tkxbZB4M6/7BUHD02Xsw/RGkOnVfzxqTf0Q
/qQTr7JcX6TngAnKFAjYC5Drp4Rr9NkK9xu/JYUNkk5DQsjQFBTKfvdpIK2ztEcv
vRsWB2A7xviBNk5/P4/KxNudrUyfMdpnNFOxvV8rRCDLdUi/qDhGpB6H60d3aXZu
2VLmAb9Lv55hKaKzDkbAMhxjz/CW1Vh0LUobd2AUIZGZldURprV5bIFcgVE9YxgF
cc29ndWkPzUk/+J/XPZSYXczKewe7KgPqr2qRvcRL8YPeGv/zJeJqcpsaqHTQHyM
3BMPU8ZPg6KwuDwWhS5vaMr80qOad2LTJyZfy/7/Jwuhv1k5SVg/zcqYwaW8nzoX
1jRx0fh3y+YiwAdoBmg9F7re7X4tMMIEohtvRlb9SpLHSErZlOus026WawqMNpfl
YH09rU8D6wC80N3pWIBnN7Oty1GI2No4LyYalMSKMVvkhxcwgfvSMpK+L9W8BCTc
rEQLJBoSHgBk0Oee2Ruh9710ddrTHTMSIHwv2b93eMzXLRgzYbQhQB+QnfCxZsp8
h2W9nY8Li/u1pbbb9ORfaFLpWHKHWwIDAQABAoICADJtlgirVBxXFb/cgXY3VBpE
X6EISBBbbR4OT2Vw2wT9fBroS3rLpu4gdKt9rhJG8HGGQ0zZL27nruFToFC4BGXN
L/bUKop2a0g3dY1oOuFng3N2L4K+OXH7VZV8cGfUXCYYdMjldlRSV9sYMSL3mXKV
zroL4x665EnMpLW7lFM/hxr4ggNHuf0fW9fwSfh7b8pUWRm2f/nR4g37yXPvoGPH
54pye2EntAf8JQHG4Xb/QkkYNK/WMCT90pz4nk8uB94d9/73tCivfkXlRjJGSY/d
ast2Zs201sqlG5yIWDUNeaFzcJsYof/5wMn/yOCc8xNW3cmPo8w/wJxDClJauoUi
yGlQIqfddTyCF+EmJqeSbarxrZGS6HKFMZv9GtTTe0+JUKJaB54qMKKRorMiPy1K
dfiG1CTM063jvzJp5rqMV9VnR2WZTf9CtOdHjbObUZgmsjeYhNaHv+N83Ah0kbOY
u7+m3bH/LFCuxphtI5+RXhrg5X9Haj4uF5t6oOcsZuWqc/JcGyGaFEHWYsQURc3K
nxk/IJmRRcwIcKDjcEVZXoHtHVuESam/n6LctHwOzi7SfHSjsQwXYqglKlMKTEEA
ynHHHwikJFW/0cMZtijyfggJuV4LS3NYuA6nou19kw2wH9/J+DF71uyp2ghwuQKx
6voID83WCrLN9Ws1cZYBAoIBAQDjXYWrIJ0wY2+Gm9Ajsfo0eBcHenFjBCW6DME/
ETh3Nf4fHokNCBKqZ9lpXnHYwjktOT/st7sLiSgKNoBAyYrmXmR2zth39HCIUgQg
reoln8xW+tH5wsJLVKwhoIAhgmjCSqwuQhDAD2iaV0Mt/ePzy0Pc4tH5NAF65IB7
xyAVihtVDcBYCqYwt2NZPa44NYszhfO/iA2hS5xL1oLwwamV5FAxloN0SE2W0YaX
N7PwfzAikS+tnQybzyXZcNPVQzu5tRgIzan4D7gbW2sIxnH1CQQ7oeIq8mC+SXsH
8nuwQpe8px0vxareMuJpkL/wv/81m0djwBwOduH7vVvlmRBbAoIBAQDQdHQV2Bj7
yNKoxduLixLDcQuIvSUt3J0MfPwnrMCeEsF4DfEfl0ERxjdsffcVXOvvxSL/kKNz
5wHhq1RT4fEeoOjxlOjZ1WbI//GfV+28Ucq5ejMwDY4sn+vRCYVZaNHWqdAa+tz9
1bLYPCOlg78XkUI52b8lrWEjtRSPKJc/P1mSxtE56fJeE2QIPlWxC9jEJO2a7KwB
VEuZYTbI0epH0v8DWb7T40acCnBYiuDksIJyDRIVqkEP7TREJ5wHni+8MpjAddtO
gt+E0wBib1WpE0JI7qu/9csilFk9AJZJMQN3X3+5ByqsGDCgud4263rzNr4JJb8O
Y2G8mngVJhUBAoIBAGIo0DqvW+22IEIXJuciQYlBh3+9BxLeiYMnWo7l2mDtOIcq
4bR0lcpoB18MXU5dm93AZ67FK8WxM04ldX2DBaqreegpKR+wspzH++w36WzQ7qFm
rByOTt/C8IWcC3VsHdoz7t4Ru7WPcXOg1OoYQL/SM7w7WLekEjeCS04lC98Avwgb
Zb0c698Aba3riTnPNAfMfw1jqa7HO/Up6WIT2ilSZqTh/GLJjGXek6LZc6AS6S8j
S1hDA1yJNCgKJApgenqUionScN0dvDhjYXRqaGyHtgIgw8oS1l2Qz8MAlxHjziqu
Y1Vqm3hOs50r1xITchUssseH+xTrkmjiubgIOx0CggEAXzy1RL2kPHS1+jHbalex
zOU69dAkyl0+y1PXCHFe11mOVsFX5qz+J5a9/61VU8dObA9PPB/i7bMfIvFZ57EU
rn+praXw9IURHsgApmJP1Xgw/Kid9lhbGnw+CxUkfYLsS/ztfUYb7UTTHwPq7VXR
2nydGz0mnZonBV9X80gCQf05eVuof6Mo/l4xl6qTD/5vnL2aaOu0ci8HEx5dH0b4
mLQHmopIKxptSiFizrE0qocSMfVSy98rNpGTDYhjOv/Eo2EidNvjxGz6nf6g8FgZ
dNO9twCEK4GquzO3ya0Y/HuOL93LxsdFcbbjkKsaoVDYrYHXNOqv7WzuXHLeZhsu
AQKCAQBl+tWxiUtWVpO8kzNZBfWmY/+MYTspuoBp1BAbpcrOt5CJP376vmnz/3xJ
mqPzHSKo5xnRAIBos8PU8hPUH4YidtY3oCJN6QzrGfqbVmVC0vKuaQWradGpsKz8
NwOwq0T9RjTc38RC202E5GyQCx+MwR0+H+YXYpHLdKE6lDHL5a0f+gYa5e9WQdep
X3ywqWi3bpi9BLURmySSrT2C+ZITLTEzrpxH4CKPlj4rNS7IbR61huDBHN+jPzL5
2SiJENxevQ3Uq3JkUk/IFIR/uAmLKmUZbv1cuVG0A6/h9k//DVM1r3Ixfuhn3C1x
Xisf7tgC/wHC54QAVpRPgV1NyB5N
-----END PRIVATE KEY-----

I also got an account with VyprVPN and tried the IKEv2 configuration.

I had the same problem:
no trusted RSA public key found for ...

I honestly don't know what the problem is. Probably the CA certificate is only for OpenVPN and not for IPsec IKEv2.

Okay, let's try the IKEv1 configuration then? (https://forum.goldenfrog.com/t/aes-ni-gcm-support/824/6)
Above, I presented the new certificates that support gave me

/etc/ipsec.secrets:

: RSA goldenfrog-client.key 
username@domain.com: XAUTH "PASSWORD-HERE"

Then add to /etc/ipsec.conf:

config setup
	# plutodebug=all
	# crlcheckinterval=600
	# strictcrlpolicy=yes
	# cachecrls=yes
	nat_traversal=yes
	charonstart=yes
	plutostart=yes
	charondebug="ike 4, knl 4 cfg 2"
 
conn vyprvpn
	type=tunnel
	authby=xauthrsasig
	xauth=client
	xauth_identity=username@domain.com
	ike=aes-sha1-modp1024
	esp=aes-sha1
	auto=add
	keyingtries=3
	keyexchange=ikev1
	rekeymargin=3m
	ikelifetime=8h
	keylife=1h
	left=%defaultroute
	leftsourceip=%config
	leftcert=goldenfrog-client.crt
	leftfirewall=yes
	right=128.90.96.52
	rightid=@ro1.vpn.goldenfrog.com
	rightsubnet=0.0.0.0/0

When I tried. connect using this configuration, I got a new error namely: parsed IKE_AUTH response 1 [N (AUTH_FAILED)] received AUTHENTICATION_FAILED notify error

IKEv1 CA.crt was only valid until 2020. So IKEv1 is not possible either.

I don't know if IKEv2 is even possible on OpenWRT without CA.crt.

I have the impression that VPN providers are more willing to Wireguard, even if it is not yet fully developed for VPN providers.

Even if IKEv2 is easy to implement on OpenWRT, many VPN providers are not ready to implement it.

Yes, it's true, the problem is that before that I had ProtonVPN, which does not support Wireguard. Right now I have VyprVPN which supports Wireguard but only in their application. They do not want to provide the keys yet, but this idea (https://ideas.goldenfrog.com/forums/171209-golden-frog-ideas/suggestions/40441801-wireguard-manual-configuration) has been on their website for 3 months already. as an idea, and it is not known when they will provide the keys so that Wireguard can be used not only in their application. I wonder if there are any ideas why they did not immediately provide them (keys)?