From 8c0c0bfe1c041fb6cd48402db033351f094c0e0c Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Tue, 25 Nov 2025 12:54:01 +0100
Subject: [PATCH] ipsec: T8027: voluntarily send its certificate, even if it
 wasn't requested (#1712)

---
 docs/configuration/vpn/ipsec/remoteaccess_ipsec.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/configuration/vpn/ipsec/remoteaccess_ipsec.rst b/docs/configuration/vpn/ipsec/remoteaccess_ipsec.rst
index 481f1f7e..1a41d987 100644
--- a/docs/configuration/vpn/ipsec/remoteaccess_ipsec.rst
+++ b/docs/configuration/vpn/ipsec/remoteaccess_ipsec.rst
@@ -133,6 +133,14 @@ following commands.
   set vpn ipsec remote-access connection rw authentication client-mode 'eap-mschapv2'
   set vpn ipsec remote-access connection rw authentication local-users username vyos password 'vyos'
 
+Some client operating systems like to see the servers certificate. The following
+option causes the server to voluntarily send its certificate, even if it wasn't
+requested.
+
+.. code-block:: none
+
+  set vpn ipsec remote-access connection rw authentication always-send-cert
+
 Client Configuration
 ^^^^^^^^^^^^^^^^^^^^