Hi John, > We would like to have tunnel > established even if responder send us a certificate which is signed by > unknown root ca. Is this possible to achieve that in strongswan? Not without code changes. Regards, Tobias