Hi folks, I had a typo in rightca, like
rightca="CN=my-CA"
instead of
rightca="C=DE, O=example gmbh, OU=it, CN=my-CA"
There was a message in charon.log:
CA certificate "CN=my-CA" not found, discarding CA constraint
The IPsec gateway was much more open than intended. Shouldn't
charon ignore a connection with a bad rightca instead, just to
be on the safe side?
Regards
Harri
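
Added example, not part of the original post and not strongSwan code: a pre-deployment check that flags every rightca value with no matching installed CA subject, plus a scan of charon.log for the message quoted above. The function names, the sample config and log text, and the list of installed CA subjects are constructed assumptions; the DN comparison is a strict simplification (exact RDN match, no commas inside values), not charon's own matching.

```python
import re

# Constructed sample inputs, not taken from a real gateway.
SAMPLE_CONF = '''
conn roadwarrior
    rightca="CN=my-CA"
conn branch
    rightca="C=DE, O=example gmbh, OU=it, CN=my-CA"
conn mirror
    rightca=%same
'''
# Assumption: subject DNs of the installed CA certificates, collected beforehand.
INSTALLED_CA_SUBJECTS = ["C=DE, O=example gmbh, OU=it, CN=my-CA"]
SAMPLE_LOG = '05[CFG] CA certificate "CN=my-CA" not found, discarding CA constraint\n'

LOG_RE = re.compile(r'CA certificate "([^"]+)" not found, discarding CA constraint')
CONN_RE = re.compile(r'conn\s+(\S+)')
RIGHTCA_RE = re.compile(r'\s+rightca\s*=\s*"?([^"]+)"?\s*$')

def normalize_dn(dn):
    """Split a DN into ordered (TYPE, value) pairs, ignoring spacing around RDNs."""
    pairs = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        pairs.append((key.strip().upper(), value.strip()))
    return tuple(pairs)

def unmatched_rightca(conf_text, ca_subjects):
    """Return (conn, rightca) for every rightca DN with no installed CA subject."""
    known = {normalize_dn(s) for s in ca_subjects}
    conn, bad = None, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()   # drop comments
        m = CONN_RE.match(line)
        if m:
            conn = m.group(1)
            continue
        m = RIGHTCA_RE.match(line)
        if m and not m.group(1).startswith("%"):   # skip keywords such as %same
            if normalize_dn(m.group(1)) not in known:
                bad.append((conn, m.group(1)))
    return bad

def discarded_constraints(log_text):
    """Return the DNs for which the log reports a discarded CA constraint."""
    return LOG_RE.findall(log_text)

if __name__ == "__main__":
    print(unmatched_rightca(SAMPLE_CONF, INSTALLED_CA_SUBJECTS))
    print(discarded_constraints(SAMPLE_LOG))
```

A non-empty result from either function means a connection may be running without the intended CA restriction and should block the rollout or raise an alert.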
