[Openswan Users] query

Paul Wouters paul at xelerance.com
Mon Feb 15 10:03:32 EST 2010

On Mon, 15 Feb 2010, neeraj goyal wrote:

> Does each ipsec peer should have other ipsec peer certificate before starting ipsec. or other peer will send during
> connection time????

That depends on your configuration. See 'man ipsec.conf' and specifically
the sections on "leftsendcert" and "leftca".

If you are not using a CA, you should really just put the cert on both ends.
If you are using a CA, you should let leftsendcert= send it for you.


More information about the Users mailing list