From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jonatan Schlag <jonatan.schlag@ipfire.org>
To: development@lists.ipfire.org
Subject: Reason why we do not set rigthca  in the strongswan conf
Date: Sat, 08 Feb 2025 21:50:19 +0100
Message-ID: <47de53fca244e7ad2f5b780942ecf2192c49e3a7.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5439482586827222409=="
List-Id: <development.lists.ipfire.org>

--===============5439482586827222409==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi list,

recently I had to renew the host cert of my IPFire system for
strongswan. As we currently write:

rightcert =3D

into the config (see for this:
https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dblob;f=3Dhtml/cgi-bin/vpnmain.=
cgi;h=3D3541aaa29393091258456cf787fefe3ec5ca3cb4;hb=3Drefs/heads/master#l379
I have to change the cert of the remote system as well. Is there a
reason for this? When I use=20

rightca=3D

the connection works out of the box. Is there a reason why we make not
use of this option?

Jonatan

--===============5439482586827222409==--