Hi Christian,

> I am trying to re-use settings so that just the certificate is different
> (vpnserver uses ECDSA, vpnserver1 uses RSA), which according to the help
> page [1] should be possible:

No, that's not how this works. What you actually define by adding a second local* section is a second local authentication round. That is, you instruct the server to authenticate itself to the client twice, once with ID vpnserver and a second time with ID vpnserver1. However, that requires a matching config on the client (and support for RFC 4739), so this won't work with clients other than strongSwan and only if configured manually.

If you want to reuse settings, define the shared settings in a separate file and then include that file in the connection sections and override the settings that are different.

Regards,
Tobias
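The include-and-override layout described in the reply above, sketched as an added swanctl.conf example that is not part of the original message. The file paths, connection names, certificate file names, addresses and subnets are assumptions made for illustration; only the IDs vpnserver and vpnserver1 come from the thread.

```conf
# ---- /etc/swanctl/shared/rw-common.inc (hypothetical path) ----
# Kept outside conf.d/ so that a top-level "include conf.d/*.conf"
# does not also load these keys at the root of the config.
version = 2
local_addrs = 192.0.2.1              # constructed sample address
local {
    auth = pubkey
    certs = vpnserver-ecdsa.pem      # assumed file name (ECDSA certificate)
    id = vpnserver
}
remote {
    auth = pubkey
}
children {
    net {
        local_ts = 10.0.0.0/24       # constructed sample subnet
    }
}

# ---- /etc/swanctl/swanctl.conf ----
connections {
    # Uses the shared settings unchanged: one local section, so one
    # authentication round with ID vpnserver.
    rw-ecdsa {
        include shared/rw-common.inc
    }

    # Same shared settings; only the keys that differ are redefined after
    # the include. This extends the SAME "local" section, so there is
    # still a single authentication round, now with ID vpnserver1.
    rw-rsa {
        include shared/rw-common.inc
        local {
            certs = vpnserver1-rsa.pem   # assumed file name (RSA certificate)
            id = vpnserver1
        }
    }

    # For contrast, the layout the reply warns about: a second local*
    # section inside ONE connection means two authentication rounds
    # (RFC 4739), which needs a matching client configuration.
    #   rw-both {
    #       local-1 { auth = pubkey  id = vpnserver  }
    #       local-2 { auth = pubkey  id = vpnserver1 }
    #   }
}
```

After reloading with `swanctl --load-all`, `swanctl --list-conns` should show each connection with a single local authentication entry.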
