[strongSwan-dev] Need solution for strongSwan VPN Tunnel specific CA in the configuration for the Authentication

Tobias Brunner tobias at strongswan.org
Fri Nov 3 09:47:41 CET 2017


Hi Kalpesh,

> Here we can not use rightca option as we may have up to 20 different
> CAs for each Tunnel.

Please consider switching to swanctl.conf [1] or vici [2] instead of
using ipsec.conf-based configs.  Then you can provide a list of accepted
CA certificates for each connection.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf
[2] https://wiki.strongswan.org/projects/strongswan/wiki/Vici


More information about the Dev mailing list