> 1.1.1.1 is not part of the cert data in rightcert, so StrongSwan rejects > it : The machine's internal IP is in the certificate. Somehow, those get mixed up. Is there a way I can tell the other side to send it's internal IP ? (as a sidenote : I'll check if NAT-T detection went OK) regards, Igmar