<div dir="ltr">I must be missing something:<br><br>If I have machine A and machine B, and machine A initiates an IPsec tunnel to machine B using X.509 certs, is there an exchange of certs in the beginning, much like SSH does when you're connecting for the first time? In other words, does machine A say, "Here's my certificate" and B likewise? How is the cert verified with the CA?<br>
<br>I've been reading the Openswan book solid for the last 2 days and working with a WatchGuard device to set this up, and I think I've garbled some of my information.<br><br>Thanks.<br></div>