[strongSwan] Best Practice for Multiple Road-Warriors with CiscoIPsec (iPhone)?

Klaus Darilion klaus.mailinglists at pernau.at
Wed Nov 30 10:19:04 CET 2011


Hi!

I try the setup a VPN server for iPhones using the "Cisco IPsec". I 
wonder if there are some best-practices.

I see following possibilities:

a) A single client certificate for all users and different XAUTH users
b) A dedicated client certificate for every user and the same XAUTH user
c) A dedicated client certificate for every user and different XAUTH users
d) A single client certificate for all users and and the same XAUTH user

Option d) is obviously bad. What do people prefer to distinguish user? 
Different certificates, different XAUTH users, or both?

Thanks
Klaus




More information about the Users mailing list