[strongSwan] problem: fetching from hash_and_url

Mike.Ettrich at bertelsmann.de Mike.Ettrich at bertelsmann.de
Thu Mar 1 12:38:24 CET 2018


Hi!

We want to use certificate exchange by using a hash_and_url-server.

What we found in the Charon-log is:

Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate from 'http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197' ...
Mar  1 11:37:45 08[LIB] <RU1-TI|4> unable to fetch from http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197, no capable fetcher found
Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate failed
...
Mar  1 11:37:45 08[ENC] <RU1-TI|4> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

As I could find in the users-mailing-list a capable fetcher could be provided by the curl-plugin.

Our installations statusall shows:

sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.5.3, Linux 4.4.103-6.38-default, x86_64):
  uptime: 54 minutes, since Mar 01 11:41:29 2018
  malloc: sbrk 2969600, mmap 0, used 693088, free 2276512
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink socket-default stroke vici updown xauth-generic

Do we need to install additional plugins?

Kind regards,
Mike.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180301/c7608ef7/attachment.html>


More information about the Users mailing list