[strongSwan] "ipsec status" shows unexpected output

Andreas Steffen andreas.steffen at strongswan.org
Thu Sep 8 20:09:25 CEST 2011

Hi Meera,

with certificates you'll need two different certificates, unless
you add two subjectAltNames to a common certificate.
With preshared-keys you could use the same key for both IDs.



On 09/08/2011 09:09 AM, Meera Sudhakar wrote:
> Hi Andreas,
> Ok. I checked the example you mentioned. So now I need to have different
> leftid and rightid for each of the tunnels.
> You had mentioned that "The draw back is that two IKE SAs including
> authentication must be set up." Does this mean that we need separate
> keys and certificates for each tunnel? In other words, what will the
> content of the folders /etc/ipsec.d/certs and /etc/ipsec.d/private be?
> Sorry, but I just find it a bit confusing because from my understanding,
> the identities are included in the peer cert creation, So if I'll need
> two identities on each end-point, I'll need two keys/certs as well.
> Could you please help me understand this better?
> Thanks and regards,
> Meera

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list