On Fri, 29 May 2015, Matt Rogers wrote:
conn HomeToVoip leftid=%fromcert leftcert=192.168.200.11 leftrsasigkey=%cert
rightrsasigkey=%cert leftsendcert=always leftrsasigkey2=EFW-main
Is left the main office or the home (aka you). the end that is you should have *sendcert=always. You should not set leftrsasigkey2 - that is for key rollover scenarios
leftcert is picked automatically. rightcert can be changed in the config - have tried all permutations.
conn Test left=192.168.201.11 right=5.6.7.8 rightsubnet=192.168.97.0/24 leftcert=192.168.200.11cert.pem rightcert=Endian-Certcert.pem
I'm confused why the strongswan end has two certs from disk. One should come via IKE normally. Although you can have both
I think your assignment of left/right is mixed up here. You should designate one side as left and one side as right for both
That should not matter, as long as you get the things not confused :) Paul _______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan