Thanks for this data. First of all, the DN

    C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com

does NOT match

    C=AU, O=Mincom Pty. Ltd., CN=ishan

If you want to use wildcards, then you have to specify them explicitly. Otherwise you have to name all RDNs explicitly.

Let's take a look at ipsec.conf at sun (=abhishek):

    conn host-host
        left=192.168.3.3
        leftcert=abhishekCert.pem
        leftid="C=AU, O=Mincom Pty. Ltd., CN=ishan"
        right=192.168.3.4
        rightid="C=AU, O=Mincom Pty. Ltd., CN=abhishek"
        auto=add

Which side is local and which is remote? I guess that right is local because the local IP address of eth0 is 192.168.3.4. You need to specify the local certificate with rightcert= in this case.

Talking about the left side: You set leftid to ishan and the leftcert to abhishek. This is inconsistent. Also, you don't need to set leftcert= at all, because abhishek gets the certificate of ishan during negotiation via IKEv2.

Try this:

    conn host-host
        left=192.168.3.3             # remote
        leftid="C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
        right=192.168.3.4            # local
        rightcert=abhishekCert.pem   # local
        auto=add

Regards,
Daniel
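
Added example, not part of Daniel's message and not strongSwan code: a simplified model of the rule stated above, where a configured ID matches a certificate subject only if every RDN is named, in the same order, with `*` as an explicit wildcard value. The function names, the alias table and the strict count/order comparison are assumptions of this sketch.

```python
# Added illustration, not strongSwan source: a simplified model of DN identity matching.
ALIASES = {"e": "emailaddress", "email": "emailaddress"}  # assumed alias table

def parse_dn(dn):
    """Split 'C=AU, O=Foo' into [(type, value), ...]; a backslash escapes a comma."""
    rdns, buf, esc = [], "", False
    for ch in dn + ",":
        if esc:
            buf, esc = buf + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            if buf.strip():
                typ, sep, val = buf.partition("=")
                if not sep:
                    raise ValueError(f"RDN without '=': {buf!r}")
                typ = typ.strip().lower()
                rdns.append((ALIASES.get(typ, typ), val.strip()))
            buf = ""
        else:
            buf += ch
    return rdns

def explain_match(configured_id, cert_subject):
    """Return (matched, reason) for a configured ID against a certificate subject."""
    want, have = parse_dn(configured_id), parse_dn(cert_subject)
    if len(want) != len(have):
        named = {t for t, _ in want}
        missing = [t for t, _ in have if t not in named]
        return False, f"{len(want)} RDNs configured, {len(have)} in subject; not named: {missing}"
    for (wt, wv), (ht, hv) in zip(want, have):
        if wt != ht:
            return False, f"RDN type {wt} where subject has {ht}"
        if wv != "*" and wv != hv:  # "*" is the explicit wildcard
            return False, f"{wt}: {wv!r} != {hv!r}"
    return True, "every RDN matched"

# DNs copied from the message above (the e-mail address is truncated there too).
SUBJECT = "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
SHORT_ID = "C=AU, O=Mincom Pty. Ltd., CN=ishan"
WILDCARD_ID = "C=AU, ST=*, O=Mincom Pty. Ltd., OU=*, CN=ishan, E=*"  # constructed

if __name__ == "__main__":
    for label, cfg in [("short", SHORT_ID), ("wildcard", WILDCARD_ID), ("full", SUBJECT)]:
        print(label, explain_match(cfg, SUBJECT))
```

The short ID fails because ST, OU and the e-mail RDN are not named; the wildcard and full forms both match.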