[strongSwan] ocsp in ikev2
Martin Willi
martin at strongswan.org
Fri Jan 17 12:23:03 CET 2014
> Jan 17 06:57:21 localhost charon: 02[LIB] sending http request to 'http://10.206.1.11:8880'...
> Jan 17 06:57:31 localhost charon: 02[LIB] libcurl http request failed: couldn't connect to host
Does that host have access to 10.206.1.11 without the IPsec tunnel?
Please be aware that you can't use the same IPsec tunnel to fetch OCSP
information that you are trying to establish; that's a chicken-and-egg
problem. Until we have support for exchanging OCSP within IKEv2
(RFC4806), you'll have to host the OCSP server on a host that IKE peers
have access to without IPsec.
Regards
Martin
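
Added example, not part of the message above and not strongSwan code: a Python check that pairs the charon fetch lines quoted in the thread with their failures and flags OCSP responders whose address lies inside a subnet reachable only through the tunnel. The subnet 10.206.0.0/16, the 192.0.2.20 log line, and pairing lines by the leading thread number are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the first two lines mirror the thread, the third is made up.
SAMPLE_LOG = """\
Jan 17 06:57:21 localhost charon: 02[LIB] sending http request to 'http://10.206.1.11:8880'...
Jan 17 06:57:31 localhost charon: 02[LIB] libcurl http request failed: couldn't connect to host
Jan 17 06:58:02 localhost charon: 05[LIB] sending http request to 'http://192.0.2.20/ocsp'...
"""

REQUEST_RE = re.compile(r"charon: (\d+)\[LIB\] sending http request to '([^']+)'")
FAILURE_RE = re.compile(r"charon: (\d+)\[LIB\] libcurl http request failed: (.*)")


def parse_fetches(log_text):
    """Pair each 'sending http request' line with a later failure on the same thread."""
    fetches, pending = [], {}
    for line in log_text.splitlines():
        req, fail = REQUEST_RE.search(line), FAILURE_RE.search(line)
        if req:
            entry = {"url": req.group(2), "error": None}
            pending[req.group(1)] = entry
            fetches.append(entry)
        elif fail and fail.group(1) in pending:
            pending.pop(fail.group(1))["error"] = fail.group(2)
    return fetches


def behind_tunnel(url, tunnel_subnets):
    """True if the URL's host is an IP literal inside a subnet only reachable via IPsec."""
    host = urlsplit(url).hostname
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal: resolve and check it separately
    return any(addr in ipaddress.ip_network(net) for net in tunnel_subnets)


def audit(log_text, tunnel_subnets):
    """Return (url, error, behind_tunnel) for every fetch seen in the log."""
    return [(f["url"], f["error"], behind_tunnel(f["url"], tunnel_subnets))
            for f in parse_fetches(log_text)]


if __name__ == "__main__":
    # 10.206.0.0/16 is an assumed remote subnet protected by the tunnel.
    for url, error, inside in audit(SAMPLE_LOG, ["10.206.0.0/16"]):
        print(url, "| error:", error, "| behind tunnel:", inside)
```

A fetch that both failed and is reported as behind the tunnel matches the chicken-and-egg situation described in the reply.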