[strongSwan] ocsp in ikev2

Martin Willi martin at strongswan.org
Fri Jan 17 12:23:03 CET 2014

> Jan 17 06:57:21 localhost charon: 02[LIB]   sending http request to ''...
> Jan 17 06:57:31 localhost charon: 02[LIB] libcurl http request failed: couldn't connect to host

Does that host have access to without the IPsec tunnel?

Please be aware that you can't use the same IPsec tunnel to fetch OSCP
information that you are trying to establish; that's a chicken-and-egg
problem. Until we have support for exchanging OCSP within IKEv2
(RFC4806), you'll have to host the OCSP server on a host that IKE peers
have access to without IPsec.


More information about the Users mailing list