[strongSwan] ipsec rereadcrls command effect

अनुज anuj01 at gmail.com
Wed Jun 5 15:59:18 CEST 2013


As per wiki :

*ipsec rereadcrls*

reads all Certificate Revocation Lists (CRLs) contained in the
and adds them to the list of CRLs. Older CRLs are replaced by
newer ones. Implemented by calling the ipsec
and/or ipsec
stroke <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStroke>rereadcrls

Does by executing this command, already established Ipsec SA  would be
destroyed in case revoked certificates are used in establishing the tunnel?

If yes, then we are not observing this behavior on Strongswan 4.5.3. The
ipsec SAs remain established even the certificates are revoked.

Thanks & Regards,
Anuj Aggarwal

Anuj Aggarwal

: :Ⓐ :   # apt-get install hakuna-matata
`. `'`
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130605/0b4a4b61/attachment.html>

More information about the Users mailing list