[strongSwan] IKEv2 : Tunnel gets established even when local cert startDate is invalid
sriram.ec at gmail.com
Thu Feb 16 17:48:00 CET 2017
In one our of linux devices which is the vpn client, the date is not set
properly because of gps issue.
[root at 0005B9xxxxxx /]# date
Wed Feb 8 05:56:43 UTC 2017
0005B9xxxxxx.airvana.com i.e this DNS name represents the linux device
[root at 0005B9xxxxxx /]# ipsec listcerts
List of X.509 End Entity Certificates:
subject: "CN=0005B9xxxxxx, OU=abc 2015 abcLLC., O=abc LLC., C=US"
issuer: "CN=abc SubCA1, OU=abc Copyright 2015 abc LLC., O=abc LLC.,
* validity: not before Feb 08 11:09:12 2017, not valid yet (valid in 5
not after Feb 08 11:09:12 2018, ok
pubkey: RSA 2048 bits, has private key
"ipsec listcerts" says that the above (device)cert is not yet valid. Still
tunnel gets established properly.
*Note that the date is set properly in Security Gateway. Security Gateway's
certificate validity is as follows,*
* validity: not before Oct 19 11:44:56 2015, ok not after
Oct 18 11:44:56 2017, ok*
systime-fix plugin is included. Is this the desired behavior ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users