[strongSwan] Design comments - site to site connection

Turbo Fredriksson turbo at bayour.com
Sat Nov 5 13:58:03 CET 2016


I want/need to create a site to site connection between my own VPN
server and the work server I’ve set up.

The work server runs strongSwan v5.3.5 and my own runs v5.2.1
and we both have our own, individual private CAs.

So I have full control of both sides' certificate generation.


Should I use a PSK, EAP or RSA to do the authentication, and if
the latter, which of the CAs should generate the certificate?

Do I need to upload both (public) CA certs on both hosts, as well
as the host cert(s)?

