Re: [strongSwan] Ikev2 wildcards with MacOs clients

I don't have many experience with ipsec, but I think it is possible to specify different accepted CA for each connection when using swanctl.conf. " connections..remote.cacerts: Comma separated list of CA certificates to accept for authentication. The certificates may use a relative path from

Re: [strongSwan] Problem with active-active cluster and traffic handling

> Le 12 juil. 2018 à 15:43, Jean-Daniel Dupas a écrit : > > Hello, > > I'm trying to setup an active-active HA cluster. Actually, I'm close to have > a full working setup, but I have a blocking issue. > > I have installed a custom kernel (4.15.x family),

[strongSwan] Problem with active-active cluster and traffic handling

Hello, I'm trying to setup an active-active HA cluster. Actually, I'm close to have a full working setup, but I have a blocking issue. I have installed a custom kernel (4.15.x family), and setup the CLUSTERIP as described in the HA guide (

Re: [strongSwan] HA kernel patch and CONFIG_XFRM_OFFLOAD

> Le 28 mai 2018 à 11:23, Tobias Brunner a écrit : > > Hi Jean-Daniel, > >> Was the CONFIG_XFRM_OFFLOAD missing failover an overlook and I can safely >> populate the failover field in xfrm_replay.c > > Yes, the HA patch (originally created for 3.x kernels) predates