[strongSwan] strict crl policy
Jafar Al-Gharaibeh
jafar at atcorp.com
Sat Sep 25 06:20:40 CEST 2021
Hi,
Double check two things:
1 - Make sure the revocation plugin is loaded, use "ipsec
statusall"
2- Make sure the crl is loaded, use " ipsec listcrls"
--Jafar
On 9/24/2021 3:14 PM, Modster, Anthony wrote:
> Hello
>
> Does setting strict CRL policy to yes still work ?
>
> The CRL’s for TA and SCA are removed.
>
> Was expecting the VPN tunnel not to make a connection.
>
> strongSwan 5.8.2
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
>
> charondebug="ike 2,cfg 2"
>
> strictcrlpolicy=yes
>
> # uniqueids = no
>
>
> Teledyne Confidential; Commercially Sensitive Business Data
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210924/f3a1ffc3/attachment.html>
More information about the Users
mailing list