<div dir="ltr">Hi Tobias,<div><br></div><div>Thanks for your quick response.</div><div>We will work your suggestion & let you know if we face any issue.</div><div><br></div><div>Regards,</div><div>Kalpesh Panchal</div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 3, 2017 at 3:47 AM, Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Kalpesh,<br>
<span class=""><br>
> Here we can not use rightca option as we may have up to 20 different<br>
> CAs for each Tunnel.<br>
<br>
</span>Please consider switching to swanctl.conf [1] or vici [2] instead of<br>
using ipsec.conf-based configs.  Then you can provide a list of accepted<br>
CA certificates for each connection.<br>
<br>
Regards,<br>
Tobias<br>
<br>
[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf" rel="noreferrer" target="_blank">https://wiki.strongswan.org/<wbr>projects/strongswan/wiki/<wbr>Swanctlconf</a><br>
[2] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Vici" rel="noreferrer" target="_blank">https://wiki.strongswan.org/<wbr>projects/strongswan/wiki/Vici</a><br>
</blockquote></div><br></div>