I don't have many experience with ipsec, but I think it is possible to specify
different accepted CA for each connection when using swanctl.conf.
"
connections..remote.cacerts: Comma separated list of CA
certificates to accept for authentication. The certificates may use a relative
path from
> Le 12 juil. 2018 à 15:43, Jean-Daniel Dupas a écrit :
>
> Hello,
>
> I'm trying to setup an active-active HA cluster. Actually, I'm close to have
> a full working setup, but I have a blocking issue.
>
> I have installed a custom kernel (4.15.x family),
Hello,
I'm trying to setup an active-active HA cluster. Actually, I'm close to have a
full working setup, but I have a blocking issue.
I have installed a custom kernel (4.15.x family), and setup the CLUSTERIP as
described in the HA guide (
> Le 28 mai 2018 à 11:23, Tobias Brunner a écrit :
>
> Hi Jean-Daniel,
>
>> Was the CONFIG_XFRM_OFFLOAD missing failover an overlook and I can safely
>> populate the failover field in xfrm_replay.c
>
> Yes, the HA patch (originally created for 3.x kernels) predates