[strongSwan] The option "rightca=ca-dn-here" in v5.5.1 seems to have no effect for IKEv1, cert requests for all CAs in cacerts are still sent to peer

Tobias Brunner tobias at strongswan.org
Fri Sep 22 09:06:46 CEST 2017

Hi Rajiv,

> I have used the <rightca="ca-dn"> option in a IKEv1 gateway to gateway
> tunnel on GW1 running strongswan 5.5.1.

Please look for the log message "CA certificate ... not found,
discarding CA constraint" when the config is loaded.


More information about the Users mailing list