[strongSwan] OCSP and libcurl

Modster, Anthony Anthony.Modster at Teledyne.com
Thu Apr 15 19:35:39 CEST 2021


Hello

What path does charon libcurl use when sending OCSP protocol ?

The URL is resolved, but the network is not found.

*        charon [info] 07[CFG]   requesting ocsp status from \'http://www.carillon.ca/sha2-ocsp\' ...

*        charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable

*        charon [info] 07[CFG] ocsp request to http://www.carillon.ca/sha2-ocsp failed

*        charon [info] 07[CFG] ocsp check failed, fallback to crl

*        charon [info] 07[CFG]   fetching crl from \'http://www.carillon.ca/caops/test-signca2-crl.crl\' ...

*        charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable

*        charon [info] 07[CFG] crl fetching failed

*        charon [info] 07[CFG] certificate status is not available

*        charon [info] 07[CFG] ocsp check skipped, no ocsp found

*        charon [info] 07[CFG]   fetching crl from \'http://www.carillon.ca/caops/TEST-cisRCA1.crl\' ...

*        charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable

*        charon [info] 07[CFG] crl fetching failed

*        charon [info] 07[CFG] certificate status is not available

The VPN tunnel does come up (so IKE and ESP packets are ok).
Below is some of the configuration information.

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 12[CFG] vici client 6 connected

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG] vici client 6 requests: load-conn

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]  conn sgateway1-radio0:

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]   child sgateway1-radio0:

*        ...

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    local_ts = dynamic

*        2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    remote_ts = 40.40.40.15/32

*        ...

*        2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_addrs = 10.215.3.133

*        2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_addrs = 76.232.248.220

*        2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_port = 500

*        2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_port = 500
Thanks




Teledyne Confidential; Commercially Sensitive Business Data
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210415/45af26f6/attachment-0001.html>


More information about the Users mailing list