Hi,

I need to configure two tunnel endpoints on a strongSwan VPN gateway which
bind two different root CA certificates, and I would like to know if somebody
has already done that.

Ex: VPN clients coming through the GW ETH1 will be authenticated by a
certificate delivered by the CA Root 1, and VPN clients coming through the GW
ETH2 will be authenticated by a certificate delivered by the CA Root 2.

Can we declare several CAs in ipsec.conf? For example, as below?

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
       crlcheckinterval=600s
       cachecrls=yes
       strictcrlpolicy=yes
       plutostart=no

ca rootCA1
       cacert=rootCA1Cert.pem
       crluri=http://crl2.strongswan.org/strongswanrootCA1.crl
       auto=add

ca rootCA2
       cacert=rootCA2Cert.pem
       crluri=http://crl2.strongswan.org/strongswanrootCA2.crl
       auto=add

conn %default
       keyingtries=1
       keyexchange=ikev2

conn roadwarrior1
       left=192.168.0.1
       leftsubnet=10.1.0.0/16
       leftcert=Gw-eth1Cert1.pem
       [email protected]
       right=%any
       rightca="C=FR, O=test1, CN= Root CA 1"
       auto=add

conn roadwarrior2
       left=172.16.0.1
       leftsubnet=10.1.0.0/16
       leftcert=Gw-eth2Cert2.pem
       [email protected]
       right=%any
       rightca="C=FR, O=test2, CN= Root CA 2"
       auto=add

Last question: do I have to add a specific parameter in strongswan.conf to
manage 2 CAs?
Thanks in advance,


Mickael
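
An added example, not part of the original post and not strongSwan code: a small lint for the property the layout above depends on, namely that every `right=%any` conn carries a `rightca` constraint and that the two conns listen on different `left` addresses. The function names `parse_sections` and `audit_ca_pinning` are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample modelled on the post: roadwarrior2 has lost its rightca.
SAMPLE_CONF = """\
conn roadwarrior1
       left=192.168.0.1
       right=%any
       rightca="C=FR, O=test1, CN= Root CA 1"

conn roadwarrior2
       left=172.16.0.1
       right=%any
"""

def parse_sections(text):
    """Return {(type, name): {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue  # tolerate blank lines, as in the pasted config
        header = re.match(r"(config|ca|conn)\s+(\S+)$", line)
        if header:
            current = sections.setdefault(header.groups(), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def audit_ca_pinning(text):
    """Return findings where the per-interface CA separation is not enforced."""
    sections = parse_sections(text)
    # Simplification: %default is applied regardless of its position in the file.
    defaults = sections.get(("conn", "%default"), {})
    findings, left_owner = [], {}
    for (kind, name), opts in sections.items():
        if kind != "conn" or name == "%default":
            continue
        conn = {**defaults, **opts}
        if conn.get("right") == "%any" and not conn.get("rightca"):
            findings.append(f"{name}: right=%any with no rightca constraint")
        left = conn.get("left")
        if left and left in left_owner:
            findings.append(f"{name}: shares left={left} with {left_owner[left]}")
        left_owner.setdefault(left, name)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ca_pinning(SAMPLE_CONF)) or "no findings")
```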