Kalpesh Panchal
2017-11-02 18:21:45 UTC
Hi All,
We are using multiple VPN tunnels on the same system. All CAs for Tunnel A
& B are in */etc/ipsec.d/cacerts/*.
For that:
*How can we provide the tunnel-specific CA list in the configuration for
authentication?*
*Meaning:*
*Tunnel A must be established only if the received client certificate is
signed by any CA of Tunnel A*
*and*
*Tunnel B must be established only if the received client certificate is
signed by any CA of Tunnel B.*
Here we cannot use the *rightca* option, as we may have up to 20 different CAs
for each tunnel.
Currently we are facing the below issue:
*Tunnel A is established even if the received client certificate is signed by
any CA of Tunnel B, and vice versa.*
Let me know if anything is required from my side.
Appreciating the quick response in advance.
Thanks,
Kalpesh Panchal
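
The per-tunnel constraint asked about above, sketched as an added example that is not part of the original message or of the strongSwan project's own material. It assumes the gateway can be configured through swanctl.conf rather than ipsec.conf; all connection names, file names and subnets are constructed placeholders.

```conf
# swanctl.conf sketch (constructed example, not the poster's configuration).
# Every CA loaded on the gateway is trusted by default, so without a
# per-connection constraint a client certificate issued by a Tunnel B CA
# also authenticates on Tunnel A. remote.cacerts takes a comma-separated
# list, so each tunnel can name its own set of CAs.
connections {
    tunnel-a {
        local {
            auth = pubkey
            certs = gateway-cert.pem           # hypothetical gateway certificate
        }
        remote {
            auth = pubkey
            # Accept only client certificates that chain to one of these CAs.
            # Relative names are resolved in the swanctl x509ca directory.
            cacerts = tunnel-a-ca-01.pem, tunnel-a-ca-02.pem
        }
        children {
            tunnel-a-net {
                local_ts = 10.10.0.0/16        # constructed subnet
            }
        }
    }
    tunnel-b {
        local {
            auth = pubkey
            certs = gateway-cert.pem
        }
        remote {
            auth = pubkey
            # Separate CA set: a Tunnel A client certificate does not
            # satisfy this connection's constraint.
            cacerts = tunnel-b-ca-01.pem, tunnel-b-ca-02.pem
        }
        children {
            tunnel-b-net {
                local_ts = 10.20.0.0/16        # constructed subnet
            }
        }
    }
}
```

After loading with `swanctl --load-all`, `swanctl --list-conns` shows the CA constraints attached to each connection, which is a quick way to confirm that neither tunnel falls back to the full trust store.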