[strongSwan] The option "rightca=ca-dn-here" in v5.5.1 seems to have no effect for IKEv1, cert requests for all CAs in cacerts are still sent to peer
Tobias Brunner
tobias at strongswan.org
Fri Sep 22 09:06:46 CEST 2017
Hi Rajiv,
> I have used the <rightca="ca-dn"> option in a IKEv1 gateway to gateway
> tunnel on GW1 running strongswan 5.5.1.
Please look for the log message "CA certificate ... not found,
discarding CA constraint" when the config is loaded.
Regards,
Tobias
More information about the Users
mailing list