[strongSwan] IKEv2 : Tunnel gets established even when local cert startDate is invalid
Sriram
sriram.ec at gmail.com
Thu Feb 16 17:48:00 CET 2017
Hi,
In one of our Linux devices, which is the VPN client, the date is not set
properly because of a GPS issue.
[root at 0005B9xxxxxx /]# date
Wed Feb 8 05:56:43 UTC 2017
0005B9xxxxxx.airvana.com, i.e. this DNS name represents the Linux device
certificate.
[root at 0005B9xxxxxx /]# ipsec listcerts
List of X.509 End Entity Certificates:
altNames: 0005B9xxxxxx.airvana.com
subject: "CN=0005B9xxxxxx, OU=abc 2015 abcLLC., O=abc LLC., C=US"
issuer: "CN=abc SubCA1, OU=abc Copyright 2015 abc LLC., O=abc LLC., C=US"
serial: 69:47:d4:eb:88:7a:0c:66
* validity: not before Feb 08 11:09:12 2017, not valid yet (valid in 5 hours)*
not after Feb 08 11:09:12 2018, ok
pubkey: RSA 2048 bits, has private key
keyid: 5b:6f:ff:a6:ad:8c:a8:97:8e:ae:07:d6:90:22:91:74:52:9a:7a:93
subjkey: 1c:50:4d:46:65:4a:4f:f6:48:2c:0d:98:9f:a8:f2:01:0a:28:1a:43
authkey: d8:a4:0d:19:29:8b:66:44:db:76:72:e1:8a:2f:8a:57:be:72:4f:8d
..............
..............
"ipsec listcerts" says that the above (device) cert is not yet valid. Still,
the tunnel gets established properly.
*Note that the date is set properly in the Security Gateway. The Security Gateway's
certificate validity is as follows:*
* validity: not before Oct 19 11:44:56 2015, ok
not after Oct 18 11:44:56 2017, ok*
The systime-fix plugin is included. Is this the desired behavior?
Regards,
Sriram.