Hello Mickael, your configuration looks fine.
On 03/08/2011 06:34 PM, Mickael SABELLE wrote:
> Hi,
> I need to configure two end-point tunnels on a Strongswan VPN
> gateway which binds two different CA root certificates and I would like
> to know if somebody has already done that?
> Ex: VPN clients coming through the GW ETH1 will be authenticated by
> a certificate delivered by the CA Root 1 and VPN clients coming through
> the GW ETH2 will be authenticated by a certificate delivered by the CA Root 2
> Can we declare several CAs in the ipsec.conf? For example as below?
>
> # /etc/ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>     crlcheckinterval=600s
>     cachecrls=yes
>     strictcrlpolicy=yes
>     plutostart=no
>
> ca rootCA1
>     cacert=rootCA1Cert.pem
>     crluri=http://crl2.strongswan.org/strongswanrootCA1.crl
>     auto=add
>
> ca rootCA2
>     cacert=rootCA2Cert.pem
>     crluri=http://crl2.strongswan.org/strongswanrootCA2.crl
>     auto=add
>
> conn %default
>     keyingtries=1
>     keyexchange=ikev2
>
> conn roadwarrior1
>     left=192.168.0.1
>     leftsubnet=10.1.0.0/16
>     leftcert=Gw-eth1Cert1.pem
>     [email protected]
>     right=%any
>     rightca="C=FR, O=test1, CN= Root CA 1"
>     auto=add
>
> conn roadwarrior2
>     left=172.16.0.1
>     leftsubnet=10.1.0.0/16
>     leftcert=Gw-eth2Cert2.pem
>     [email protected]
>     right=%any
>     rightca="C=FR, O=test2, CN= Root CA 2"
>     auto=add
>
> Last question, do I have to add a specific parameter in the
> strongswan.conf to manage 2 CAs?
>

No additional parameters are needed.

> Thanks in advance,
> Mickael

Regards

Andreas

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
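
In the configuration quoted above, the `rightca` line is what ties each `conn` to one of the two CAs. The following is an added example, not part of the original thread or of strongSwan: a small audit that flags any `right=%any` connection lacking `rightca`, on the assumption that such a connection would accept a certificate from either loaded CA. The sample text and the function names `parse_sections` and `audit` are constructed for illustration.

```python
# Added example: audit an ipsec.conf for road-warrior conns without a CA pin.
# Constructed sample modelled on the quoted config; roadwarrior2 lacks rightca.
SAMPLE = """\
ca rootCA1
    cacert=rootCA1Cert.pem
ca rootCA2
    cacert=rootCA2Cert.pem
conn %default
    keyexchange=ikev2
conn roadwarrior1
    left=192.168.0.1
    right=%any
    rightca="C=FR, O=test1, CN= Root CA 1"
conn roadwarrior2
    left=172.16.0.1
    right=%any
"""

def parse_sections(text):
    """Return {(type, name): {key: value}} for config/ca/conn sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:  # indented parameter=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def audit(text):
    """Findings for conns that accept any peer without a rightca constraint."""
    sections = parse_sections(text)
    defaults = sections.get(("conn", "%default"), {})
    n_ca = sum(1 for kind, _ in sections if kind == "ca")
    findings = []
    for (kind, name), params in sections.items():
        if kind != "conn" or name == "%default":
            continue
        eff = {**defaults, **params}              # %default values are inherited
        if eff.get("right") == "%any" and not eff.get("rightca"):
            findings.append(f"{name}: no rightca, any of the {n_ca} trusted CAs is accepted")
    return findings
```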
