[strongSwan] revoke certification with out "ipsec restart"

Tobias Brunner tobias at strongswan.org
Thu Sep 7 10:58:16 CEST 2017

Hi Nimo,

> I don't want to use "ipsec restart" because other IPsec sessions are
> disconnected.
> How can I make enabled the revocation without disconnecting other's
> IPsec session ?

You used the same crlNumber for your second CRL.  So it didn't replace
the CRL that you loaded before (this is logged as "  crl #01 is not
newer - existing crl #01 retained", so if you read that you'd have known).


More information about the Users mailing list