[strongSwan] ocsp in ikev2

Sriram sriram.ec at gmail.com
Fri Jan 17 12:29:10 CET 2014


Hi Martin,



*Does that host have access to 10.206.1.11 without the IPsec tunnel?*
No, every other protocol data between .10 and .11 are encrypted.
Let me check my by making the tunnel more specific.

Thanks for the information and hints.

Regards,
Sriram.


On Fri, Jan 17, 2014 at 4:53 PM, Martin Willi <martin at strongswan.org> wrote:

>
> > Jan 17 06:57:21 localhost charon: 02[LIB]   sending http request to
> 'http://10.206.1.11:8880'...
> > Jan 17 06:57:31 localhost charon: 02[LIB] libcurl http request failed:
> couldn't connect to host
>
> Does that host have access to 10.206.1.11 without the IPsec tunnel?
>
> Please be aware that you can't use the same IPsec tunnel to fetch OSCP
> information that you are trying to establish; that's a chicken-and-egg
> problem. Until we have support for exchanging OCSP within IKEv2
> (RFC4806), you'll have to host the OCSP server on a host that IKE peers
> have access to without IPsec.
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140117/1a79473d/attachment.html>


More information about the Users mailing list