Dirk,

> was there a change in 5.2 about charon asking for the certificate of
> the peer? I can establish a connection when I add leftsendcert=yes to
> the configuration of my roadwarrior.

None that I'm aware of. leftsendcert=ifasked was the policy ever since.

> If I don't add it I get a connection with 5.1.3 but on 5.2 I get:
> [IKE] no trusted RSA public key found for 'C=DE, O=xxxx'
> in the log of the server.

As the default policy is "ifasked", this most likely implies that your
server does not send a certificate request. By default certificate
requests are sent; what is your rightsendcert setting on the server?

charon logs the certificates and certificate requests sent/received
during the exchange, that should help in analyzing what is missing.

Regards
Martin
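Added example, not part of the message above and not strongSwan code: a small Python check that reads a server-side charon log and reports which step of the certificate exchange is missing. The log wording in the patterns, the sample log lines and the result labels are assumptions made for this illustration.

```python
import re

# Message wording is assumed to match charon's [IKE] log lines; adjust the
# patterns if your version words these events differently.
EVENTS = {
    "certreq_sent": re.compile(r"\[IKE\] sending cert request for"),
    "certreq_rcvd": re.compile(r"\[IKE\] received cert request for"),
    "cert_sent": re.compile(r"\[IKE\] sending end entity cert"),
    "cert_rcvd": re.compile(r"\[IKE\] received end entity cert"),
    "no_key": re.compile(r"\[IKE\] no trusted \w+ public key found for '([^']*)'"),
}

def summarize(log_text):
    """Count certificate-related events and collect identities that failed."""
    counts = {name: 0 for name in EVENTS}
    failed_ids = []
    for line in log_text.splitlines():
        for name, pattern in EVENTS.items():
            match = pattern.search(line)
            if match:
                counts[name] += 1
                if name == "no_key":
                    failed_ids.append(match.group(1))
    return counts, failed_ids

def diagnose(log_text):
    """Classify a server-side log. Without a cert request, a peer using
    leftsendcert=ifasked sends no certificate at all."""
    counts, failed_ids = summarize(log_text)
    if not failed_ids:
        return "ok"
    if counts["cert_rcvd"]:
        return "cert-received-but-untrusted"
    if not counts["certreq_sent"]:
        return "no-certreq-sent"
    return "certreq-sent-but-no-cert-received"

# Constructed sample logs (not from the thread); 192.0.2.10 is a documentation address.
LOG_WITHOUT_CERTREQ = """\
07[IKE] 192.0.2.10 is initiating an IKE_SA
08[ENC] parsed IKE_AUTH request 1 [ IDi AUTH SA TSi TSr ]
08[IKE] no trusted RSA public key found for 'C=DE, O=xxxx'
"""
LOG_WITH_CERTREQ = """\
07[IKE] sending cert request for "C=DE, O=xxxx, CN=Example CA"
08[IKE] received end entity cert "C=DE, O=xxxx"
08[IKE] authentication of 'C=DE, O=xxxx' with RSA signature successful
"""

if __name__ == "__main__":
    print(diagnose(LOG_WITHOUT_CERTREQ), diagnose(LOG_WITH_CERTREQ))
```

A result of `no-certreq-sent` points at the server configuration, `certreq-sent-but-no-cert-received` at the roadwarrior.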
