Hi Simon, > I will change the remote certificate key usage value to something not > compliant with RFC 4945.
Compliance with RFC 4945 is already enforced since 5.6.3 [1]. Authentication will fail for non-compliant peer certificates. Regards, Tobias [1] https://wiki.strongswan.org/versions/69
