Hi All,

We are using multiple VPN tunnels on the same system. All CAs for Tunnel A & B are in */etc/ipsec.d/cacerts/*

For that:
*How can we provide the Tunnel specific CA list in configuration for the Authentication?*
means
*Tunnel A must be established only if the received client certificate is signed by any CA of Tunnel A*
and
*Tunnel B must be established only if the received client certificate is signed by any CA of Tunnel B.*

Here we cannot use the *rightca* option as we may have up to 20 different CAs for each Tunnel.

Currently we are facing the below issue:

*Tunnel A is established even if the received client certificate is signed by any CA of Tunnel B. And vice versa.*

Let me know if anything is required from my side.

Appreciating the quick response in advance.

Thanks,
Kalpesh Panchal

On Thu, Nov 2, 2017 at 12:09 PM, Kalpesh Panchal <[email protected]> wrote:

> Hi All,
>
> We are using multiple VPN tunnels on the same system. All CAs for Tunnel A
> & B are in */etc/ipsec.d/cacerts/*
>
> For that
> *How can we provide the Tunnel specific CA list in configuration for the
> Authentication ?*
> *means*
> *Tunnel A must be established only if received client certificate is
> signed by any CA of Tunnel A*
> *and*
> *Tunnel B must be established only if received client certificate is
> signed by any CA of Tunnel B.*
>
> Here we can not use *rightca* option as we may have up to 20 different
> CAs for each Tunnel.
>
> Currently we are facing below issue:
>
> *Tunnel A is established even if received client certificate is signed by
> any CA of Tunnel B. And vice versa.*
>
> Let me know if anything required from my side.
>
> Appreciating the quick response in advance.
>
> Thanks,
> Kalpesh Panchal
