Hi Kalpesh, > Here we can not use rightca option as we may have up to 20 different > CAs for each Tunnel.
Please consider switching to swanctl.conf [1] or vici [2] instead of using ipsec.conf-based configs. Then you can provide a list of accepted CA certificates for each connection. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf [2] https://wiki.strongswan.org/projects/strongswan/wiki/Vici
