[strongSwan] Which source IP@ is used to retrieve CRLs?

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Thu Nov 24 08:18:57 CET 2011


Hi Andreas,
Thank you for answer. I wondered if strongSwan does not use a
'bind(2)' syscall to force the source IP@ for corresponding sockets.
But from your answer this seams to not be the case.
Best Regards
Mugur 

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: mercredi 23 novembre 2011 19:30
To: ABULIUS, MUGUR (MUGUR)
Cc: users at lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano, Stephen G (Stephen); WASNIEWSKI, ALAIN (ALAIN)
Subject: Re: [strongSwan] Which source IP@ is used to retrieve CRLs?

Hello Mugur,

I don't quite understand your question. Charon does a HTTP-based CRL fetch using either the curl or soup plugin. The source IP of the HTTP request belongs to charon's network interface via which the daemon is able to reach the HTTP server.

Regards

Andreas

On 11/23/2011 05:53 PM, ABULIUS, MUGUR (MUGUR) wrote:
> Hi,
> Assuming the ipsec.conf defines several connections with different 
> "left=" and "right=" values, which source IP@ is used by strongSwan to 
> retrieve CRLs from a CDP? In our case URI is a HTTP URI. Charon is used.
> Best Regards
> Mugur

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==




More information about the Users mailing list