[strongSwan] No capable fetcher found

Andreas Steffen andreas.steffen at strongswan.org
Thu Jun 24 12:54:14 CEST 2010


Hi Claude,

if you are using an explicit pluto.load statement in strongswan.conf
then you must add curl to the plugin list.

Andreas

On 24.06.2010 12:52, Claude Tompers wrote:
> Thanks for your fast answer.
>
> I did recompile, the error message is now slightly different, but the outcome is the same. :(
>
> Jun 24 12:47:48 vpn6-test pluto[1705]:   fetching crl from 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ...
> Jun 24 12:47:48 vpn6-test pluto[1705]:   crl from May 21 08:12:40 2010 is not newer - existing crl from May 21 08:12:40 2010 retained
> Jun 24 12:47:48 vpn6-test pluto[1705]:   fetching crl from 'VPNCA-crl.pem' ...
> Jun 24 12:47:48 vpn6-test pluto[1705]: unable to fetch from VPNCA-crl.pem, no capable fetcher found
> Jun 24 12:47:48 vpn6-test pluto[1705]: crl fetching failed
> Jun 24 12:47:48 vpn6-test pluto[1705]: "cisco-vpn"[1] 192.168.1.180:64053 #1: X.509 certificate rejected
>
> regards,
> Claude
>
> On Thursday 24 June 2010 11:59:03 Andreas Steffen wrote:
>> Hmmm, its seems that the curl plugin is required to
>> refetch CRLs from the local file system. Compile
>> strongSwan with
>>
>>     ./configure --enable-curl
>>
>> Regards
>>
>> Andreas
>>
>> On 24.06.2010 11:51, Claude Tompers wrote:
>>> Hello,
>>>
>>> My strongswan server is unable to refetch crls.
>>> When the server starts, it reads the crl correctly, but if a client tries to connect, the refetch fails and so the connection fails.
>>>
>>> Here's the log :
>>>
>>> Jun 24 11:46:46 vpn6-test pluto[13321]:   fetching crl from 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ...
>>> Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem, no capable fetcher found
>>> Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed
>>> Jun 24 11:46:46 vpn6-test pluto[13321]:   fetching crl from 'VPNCA-crl.pem' ...
>>> Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from VPNCA-crl.pem, no capable fetcher found
>>> Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed
>>> Jun 24 11:46:46 vpn6-test pluto[13321]: "cisco-vpn"[1] 192.168.1.180:59262 #1: X.509 certificate rejected
>>>
>>> The permissions on the crl are :
>>> -rw------- 1 root root 1064 May 21 08:13 /usr/local/etc/ipsec.d/crls/VPNCA-crl.pem
>>>
>>> Any ideas ?
>>>
>>> thanks very much
>>> Claude

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100624/68981e46/attachment.bin>


More information about the Users mailing list