[strongSwan] No capable fetcher found
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jun 24 12:58:17 CEST 2010
Here a follow up comment:
If you are *not* using an explicit pluto.load statement then
do not forget to execute
make clean
before recompiling strongSwan with --enable-curl, since otherwise
the default pluto plugin load list will not be updated.
Andreas
On 24.06.2010 12:54, Andreas Steffen wrote:
> Hi Claude,
>
> if you are using an explicit pluto.load statement in strongswan.conf
> then you must add curl to the plugin list.
>
> Andreas
>
> On 24.06.2010 12:52, Claude Tompers wrote:
>> Thanks for your fast answer.
>>
>> I did recompile, the error message is now slightly different, but the
>> outcome is the same. :(
>>
>> Jun 24 12:47:48 vpn6-test pluto[1705]: fetching crl from
>> 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ...
>> Jun 24 12:47:48 vpn6-test pluto[1705]: crl from May 21 08:12:40 2010
>> is not newer - existing crl from May 21 08:12:40 2010 retained
>> Jun 24 12:47:48 vpn6-test pluto[1705]: fetching crl from
>> 'VPNCA-crl.pem' ...
>> Jun 24 12:47:48 vpn6-test pluto[1705]: unable to fetch from
>> VPNCA-crl.pem, no capable fetcher found
>> Jun 24 12:47:48 vpn6-test pluto[1705]: crl fetching failed
>> Jun 24 12:47:48 vpn6-test pluto[1705]: "cisco-vpn"[1]
>> 192.168.1.180:64053 #1: X.509 certificate rejected
>>
>> regards,
>> Claude
>>
>> On Thursday 24 June 2010 11:59:03 Andreas Steffen wrote:
>>> Hmmm, its seems that the curl plugin is required to
>>> refetch CRLs from the local file system. Compile
>>> strongSwan with
>>>
>>> ./configure --enable-curl
>>>
>>> Regards
>>>
>>> Andreas
>>>
>>> On 24.06.2010 11:51, Claude Tompers wrote:
>>>> Hello,
>>>>
>>>> My strongswan server is unable to refetch crls.
>>>> When the server starts, it reads the crl correctly, but if a client
>>>> tries to connect, the refetch fails and so the connection fails.
>>>>
>>>> Here's the log :
>>>>
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from
>>>> 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ...
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from
>>>> file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem, no capable fetcher
>>>> found
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from
>>>> 'VPNCA-crl.pem' ...
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from
>>>> VPNCA-crl.pem, no capable fetcher found
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed
>>>> Jun 24 11:46:46 vpn6-test pluto[13321]: "cisco-vpn"[1]
>>>> 192.168.1.180:59262 #1: X.509 certificate rejected
>>>>
>>>> The permissions on the crl are :
>>>> -rw------- 1 root root 1064 May 21 08:13
>>>> /usr/local/etc/ipsec.d/crls/VPNCA-crl.pem
>>>>
>>>> Any ideas ?
>>>>
>>>> thanks very much
>>>> Claude
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100624/1eb6a02e/attachment.bin>
More information about the Users
mailing list