ipsec

check status
ipsec status

check connections
ipsec statusall

check certs
ipsec listcerts

this show you certificates, beware of field pubkey, in should says ", has private key" otherwise its unable to read cert key
check
cat /etc/ipsec.secrets

Debug with
ip route show table all
ip xfrm policy
ip -s tunnel show