> Too obvious to suggest just generating the keys locally and copying them to the servers?
This is the first thing I tried, however it requires too much effort compared to other approaches. Since I am working with different distros the small differences in locations and how the keys generated makes it more difficult then it should be. In this particular case Redhat/CentOS uses NSS enabled version of Openswan.
That's not to say that it cannot be done. I did it, but it does nothing to address the fundamental problem.