[strongSwan] The option "rightca=ca-dn-here" in v5.5.1 seems to have no effect for IKEv1, cert requests for all CAs in cacerts are still sent to peer
rajivkulkarni69 at gmail.com
Fri Sep 22 01:46:08 CEST 2017
I have used the <rightca="ca-dn"> option in a IKEv1 gateway to gateway
tunnel on GW1 running strongswan 5.5.1. And i have about 100+
trusted-root-ca certs in the /ipsec.d/cacerts folder of GW1
GW1 is still sending Cert Requests for all 100+ rootCAs (including the one
for the cert given in leftcert option for GW1)
Thought of using rightsendcert=never (alongwith leftsendcert=always)...but
i dont think this should be used if the peer-gw is Non-Strongswan, such as
and i need to use IKEv1 tunnel...
Can you please advice?
thanks & regards
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users