> What if the right and left certs in negotiation are same, but only left > cert is configured to ipsec.conf in server. Does Strongswan make any > assumptions for right cert in that case?
While I really think it usually is good practice to have a separate certificate for each peer, that should work as well. If no rightcert is defined, any certificate is acceptable that either is marked as trusted (which it is by setting leftcert to it), or for which a valid trustchain can be constructed to a trusted CA (for example, one from the cacerts directory). Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
