[strongSwan] The option "rightca=ca-dn-here" in v5.5.1 seems to have no effect for IKEv1, cert requests for all CAs in cacerts are still sent to peer
tobias at strongswan.org
Fri Sep 22 09:06:46 CEST 2017
> I have used the <rightca="ca-dn"> option in a IKEv1 gateway to gateway
> tunnel on GW1 running strongswan 5.5.1.
Please look for the log message "CA certificate ... not found,
discarding CA constraint" when the config is loaded.
More information about the Users