On Mon, Jun 08, 2020 at 10:11:09AM -0700, Joe Touch wrote: > > On Jun 8, 2020, at 10:00 AM, Michael Thomas <mike@xxxxxxxx> wrote: > > i assume that you can hack ipsec to emulate clients not having certs. > > It is called BTNS. See RFC 5387. Yes, but you also need RFC5660 implementations to make it more meaningful. Still, if all you want is error detection, BTNS will do.