> it is not good practice to load the peer certificate
> (i.e. rightcert locally). Better copy the CA certificate
> which signed the peer certificate and issued all other
> certificates into the /etc/ipsec.d/cacerts/ directory
> so that trust can be established.
>
> Regards
>
> Andreas

Now that I'm back to a terminal, this worked like a charm. Added CA cert, removed local cert for remote system, removed line from ipsec.conf for rightcert, and restarted everything and I can talk both ways (at least on the test network).

Gary
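
The change discussed in this thread, sketched as an added ipsec.conf example that is not taken from either poster's configuration. Connection names, addresses, file names and the DN are hypothetical placeholders; only rightcert and the /etc/ipsec.d/cacerts/ directory come from the thread.

```conf
# /etc/ipsec.conf (constructed example; all names and addresses are placeholders)
# The two conn sections show the same tunnel before and after the change;
# only one of them would be present in a real file.

# Before: the peer's own certificate is copied to this host and loaded
# with rightcert. Every peer certificate renewal needs a new local copy.
conn peer-pinned
    left=192.0.2.1
    leftcert=localCert.pem
    right=198.51.100.1
    rightcert=peerCert.pem    # local copy of the remote end's certificate
    auto=add

# After: no rightcert line. The CA certificate that signed the peer
# certificate is placed in /etc/ipsec.d/cacerts/ (for example as
# exampleCA.pem, a placeholder name) and the peer sends its certificate
# during IKE, where it is verified against that CA.
conn peer-ca-trust
    left=192.0.2.1
    leftcert=localCert.pem
    right=198.51.100.1
    # Any certificate issued by the CA now verifies, so rightid states
    # which identity this connection accepts. It must match the subject
    # DN or a subjectAltName of the peer's certificate.
    rightid="C=XX, O=Example Org, CN=peer.example.org"
    auto=add
```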
