[strongSwan] Is IKEv2 certificate binding to the hardware?

tefeng tefeng.em at gmail.com
Thu Sep 18 18:53:08 CEST 2014

Hi, All,

I have been using strongswan 4.6.4 on my VPS and it worked well. 
Recently I migrated it to another VPS (still 4.6.4 and the same 
certificates copied from the previous VPS) but the vpn client (Agile VPN 
Client in win7 or strongSwan VPN Client for android) with IKEv2 
certificate didn't work except that IKEv1 certificate is OK with Cisco 
VPN Client.

Is IKEv2 certificate binding to the hardware?  If yes, then I have to 
reproduce the certificates.

The 2nd question: Is it possible to substitute "ipsec pki --self ..." 
for "ipsec pki --pub ..."?  Because the command "--pub" only produces a 
certificate with fixed 3 years lifetime and I want more.

Any recommendation would be really appreciated.  Thank in Adv.

More information about the Users mailing list