Well, I've got one big issue with my IPsec setup when using certificates.
I've got 4 sites.
Site A, B, C and D.
Site A is my main office.
Site B, C, and D are branch offices.
Every branch office is connected with one IPsec VPN tunnel to the main office.
The problem is: when I restart m0n0 in a branch office the tunnel comes up fine, but when I restart m0n0 on the main office the tunnels won't come up. Pinging from a branch office to the main office also doesn't make the tunnel come up. Only pinging from the main office to a branch office makes the tunnel come up.
But with a PSK setup, when I restarted the main office m0n0, the tunnels came up just after a successful bootup of the main office m0n0.
When rebooting the main office m0n0 the branch office m0n0 has SAD active. When I delete the SAD on branch office m0n0 the tunnel comes up fine.
Any suggestions on this issue?