<div dir="ltr"><div><div><div><div><div><div><div>Hi <br><br></div>I am trying to establish an IPsec tunnel using x509 authentication between a Linux device (running strongSwan) and another device that supports IKEv2.<br><br></div><div>Both peers are using the same CA certificate to generate the local certificates.<br></div>The issue I am facing is that the peer is requesting the CA certificate in its certificate request payload in the message. However, strongSwan is currently not sending the CA information, because of which the authentication between the 2 peers is failing.<br><br></div>Is there a way to send the CA certificate if the peer is requesting that in the certificate request payload? If yes, how can I do that?<br><br></div>I tried the leftsendcert=always or ifasked option, but that did not seem to work.<br><br></div>The config that I have on the strongSwan side is as follows:<br><br>conn peer-192.0.72.2-tunnel-vti<br>        left=192.0.71.1<br>        leftid="C=US, ST=CA, L=SJ, O=BR, OU=QA, CN=QA, emailAddress=<a href="mailto:peer1@br.com">peer1@br.com</a>"<br>        right=192.0.72.2<br>        rightid="C=US, ST=CA, L=SD, O=BR, OU=SQA, CN=SQA, emailAddress=<a href="mailto:peer2@br.com">peer2@br.com</a>"<br>        leftsubnet=0.0.0.0/0<br>        rightsubnet=0.0.0.0/0<br>        keyexchange=ikev2<br>        ike=aes256-sha2_384-ecp384!<br>        ikelifetime=86400s<br>        esp=aes256gcm128-ecp384!<br>        keylife=28800s<br>        rekeymargin=540s<br>        type=tunnel<br>        compress=no<br>        leftauth=pubkey<br>        rightauth=pubkey<br>        leftrsasigkey=%cert<br>        rightrsasigkey=%cert<br>        leftcert=/etc/ipsec.d/certs/Peer1.crt<br>        mark=2415919105<br>        leftupdown="/usr/lib/ipsec/vti-up-down.sh vti0"<br>        auto=start<br>        keyingtries=%forever<br>        replay_window=0<br>        leftsendcert=ifasked<br><br></div>Thanks<br></div>Sameer<br></div>
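<div>An added example, not part of the original post and not strongSwan code: per RFC 7296 section 3.7, an IKEv2 certificate request (CERTREQ) payload with encoding 4 carries a concatenated list of SHA-1 hashes of the Subject Public Key Info of the CAs the sender trusts, so a captured payload can be checked against the shared CA's key hash. The function names and the sample bytes below are assumptions constructed for illustration.</div>

```python
import hashlib
import struct

CERT_ENCODING_X509_SIGNATURE = 4  # "X.509 Certificate - Signature", RFC 7296 section 3.6
SHA1_LEN = 20


def parse_certreq(payload: bytes) -> tuple:
    """Return (cert_encoding, [ca_key_hash, ...]) for one raw CERTREQ payload."""
    if len(payload) < 5:
        raise ValueError("shorter than generic payload header plus encoding octet")
    # Generic payload header: next payload, critical bit + reserved, total length.
    _next_payload, _flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError(f"length field says {length}, got {len(payload)} bytes")
    encoding, ca_data = payload[4], payload[5:]
    if encoding != CERT_ENCODING_X509_SIGNATURE:
        return encoding, []  # other encodings do not carry a SHA-1 hash list
    if len(ca_data) % SHA1_LEN:
        raise ValueError("CA field is not a whole number of SHA-1 hashes")
    hashes = [ca_data[i:i + SHA1_LEN] for i in range(0, len(ca_data), SHA1_LEN)]
    return encoding, hashes


def ca_key_hash(spki_der: bytes) -> bytes:
    """SHA-1 over the DER-encoded SubjectPublicKeyInfo of a CA certificate."""
    return hashlib.sha1(spki_der).digest()


def peer_requests_ca(payload: bytes, spki_der: bytes) -> bool:
    """True if the CERTREQ lists the CA whose SubjectPublicKeyInfo is given."""
    _encoding, hashes = parse_certreq(payload)
    return ca_key_hash(spki_der) in hashes


# Constructed sample input: stand-in bytes, not real keys or a real capture.
OUR_CA_SPKI = b"constructed-spki-der-of-shared-ca"
OTHER_CA_SPKI = b"constructed-spki-der-of-another-ca"
_body = bytes([CERT_ENCODING_X509_SIGNATURE]) + ca_key_hash(OTHER_CA_SPKI) + ca_key_hash(OUR_CA_SPKI)
SAMPLE_CERTREQ = struct.pack("!BBH", 0, 0, 4 + len(_body)) + _body

if __name__ == "__main__":
    encoding, hashes = parse_certreq(SAMPLE_CERTREQ)
    print("encoding:", encoding)
    for h in hashes:
        print("requested CA key hash:", h.hex())
    print("shared CA listed:", peer_requests_ca(SAMPLE_CERTREQ, OUR_CA_SPKI))
```

<div>For a real CA certificate, <code>openssl x509 -in &lt;ca-cert&gt; -noout -pubkey | openssl pkey -pubin -outform DER</code> emits the DER-encoded SubjectPublicKeyInfo to hash.</div>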