Hi list,

recently I had to renew the host cert of my IPFire system for
strongswan. As we currently write:

rightcert =

into the config (see for this:
https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/vpnmain.cgi;h=3541aaa29393091258456cf787fefe3ec5ca3cb4;hb=refs/heads/master#l379
I have to change the cert of the remote system as well. Is there a
reason for this? When I use 

rightca=

the connection works out of the box. Is there a reason why we make not
use of this option?

Jonatan