[strongSwan] Loading CRLs from file
vivek bairathi
bairathi.vivek at gmail.com
Fri Feb 19 13:15:39 CET 2010
Hi All,
Hi All,
I have a CRL in pem format with me. The CRL file is loaded at startup.
1. If the CRL file is updated in the directory, how can strongswan be
indicated to update it. Does crlCheckInterval timer work with
strongswan IKEv2?
2. Is there an option to load CRL present in Cert directory at every
IKE Autentication
3. Also, If I try to specify a specific fileuri, I get the follwoing error:-
Error:-
Feb 20 00:58:17 vivek-desktop charon: 09[CFG] fetching crl from
'/home/vivek/vivek/linux_pc_90_1/crl.pem' ...
Feb 20 00:58:17 vivek-desktop charon: 09[LIB] unable to fetch from
/home/vivek/vivek/linux_pc_90_1/crl.pem, no capable fetcher found
Feb 20 00:58:17 vivek-desktop charon: 09[CFG] crl fetching failed
ipsec.conf:-
config setup
cachecrls=no
charonstart=yes
plutostart=no
strictcrlpolicy=yes
uniqueids=no
ca AllPlanes
cacert=/tmp/RootCert3801_7349bbdb.pem
crluri=file:///home/vivek/vivek/linux_pc_90_1/crl.pem
auto=add
conn IpSecSSEPlane
ikelifetime=24h
keyexchange=ikev2
keyingtries=%forever
keylife=90m
reauth=no
rekey=yes
mobike=no
rekeymargin=4m
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=3des-sha1-modp1024,aes128-sha1-modp1024!
authby=rsasig
left=21.21.21.20
leftsubnet=14.14.14.10/32
right=21.21.21.21
leftcert=/home/vivek/vivek/linux_pc_90_1/cert.pem
rightid=%any
auto=add
Thanks for your inputs in advance.
Regards,
Vivek
More information about the Users
mailing list