<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial, sans-serif" size="2">
<div style="margin-bottom: 6pt; ">Hello,</div>
<div style="margin-bottom: 6pt; ">The ALPHA connection continuously goes up and down if '/etc/ipsec.d/cacerts' contains 2 certificates</div>
<div style="margin-bottom: 6pt; ">that are the same. In this test the CAs hierarchy has only one level (the anchor is the certificate of the</div>
<div style="margin-bottom: 6pt; ">signing CA of the local system). The local system (initiator of IKE connection) is a Linux system. </div>
<div style="margin-bottom: 6pt; ">We know that is unusual to have 2 files containing the same certificate in 'cacerts' but this may happen</div>
<div style="margin-bottom: 6pt; ">for our application in the field. Is the strongSwan behavior normal or there is a bug?</div>
<div>conn ALPHA </div>
<div> left=172.21.11.21 </div>
<div> right=172.21.11.181 </div>
<div> leftsubnet=172.21.10.21/32 </div>
<div> rightsubnet=0.0.0.0/0,0::0/0 </div>
<div> leftauth=pubkey </div>
<div> rightauth=pubkey </div>
<div> leftcert=0_clcert.der </div>
<div> rightca="O=Company, CN=CMS" </div>
<div> rightid="O=*, CN=*" </div>
<div> auto=start </div>
<div style="margin-bottom: 6pt; "> </div>
<div style="margin-bottom: 6pt; ">Best Regards</div>
<div style="margin-bottom: 6pt; ">Mugur</div>
<div> </div>
<div><font face="Arial, sans-serif"> </font></div>
</font>
</body>
</html>