Hi Klaus,

> What is missing to make it work?

As documented on [1], try adding `leftsendcert=always`. If that doesn't work, the CA certificate is probably not installed (or trusted) on the clients.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients