Ah!!! Ok. Thank you
> On 2 May 2018, at 08:55, Tobias Brunner <tob...@strongswan.org> wrote:
>
> Hi Christian,
>
>> I am trying to re-use settings so that just the certificate is different
>> (vpnserver uses ECDSA, vpnsever1 uses RSA), which according to the help
>> page [1] should be possible:
>
> No, that's not how this works. What you actually define by adding a
> second local* section is a second local authentication round. That is,
> you instruct the server to authenticate itself to the client twice, once
> with ID vpnserver and a second time with ID vpnserver1. However, that
> requires a matching config on the client (and support for RFC 4739), so
> this won't work with clients other than strongSwan and only if
> configured manually.
>
> If you want to reuse settings, define the shared settings in a separate
> file and then include that file in the connection sections and override
> the settings that are different.
>
> Regards,
> Tobias
