[strongSwan] strict crl policy
andreas.steffen at strongswan.org
Sun Sep 26 09:24:50 CEST 2021
strict CRL policy still works.
The problem with your setup is that you define
in ipsec.conf which is loaded via starter and the stroke interface
only whereas your log shows that you load the configuration via the
2021 Sep 24 04:26:47+00:00 wglng-17 charon [info]
14[CFG] class = public key
14[CFG] id = C=CA, O=Carillon Information Security Inc., ...
14[CFG] added vici connection: sgateway1-radio0
There is no
revocation = GOOD
entry in the remote authentication section log of the vici transfer,
revocation = strict
hasn't been set in the remote section of the configuration definition
in swanctl.conf and thus no strict CRL policy is enforced.
On 24.09.21 22:14, Modster, Anthony wrote:
> Does setting strict CRL policy to yes still work?
> The CRLs for TA and SCA are removed.
> Was expecting the VPN tunnel not to make a connection.
> strongSwan 5.8.2
> # ipsec.conf - strongSwan IPsec configuration file
> # basic configuration
> config setup
>     charondebug="ike 2,cfg 2"
>     # uniqueids = no
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
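
A check for the condition described in this reply, as an added example that is not part of the original message and not strongSwan tooling: it reads swanctl.conf-style text and reports every remote authentication section whose revocation policy is not strict. The parser is a simplified assumption (one item per line), and the second connection name and all values in the sample are constructed.

```python
import re

# Constructed swanctl.conf sample. "sgateway1-radio0" is the name from the log
# above; "sgateway2-demo" and all values are made up for illustration.
SAMPLE = """
connections {
    sgateway1-radio0 {
        remote_addrs = 192.0.2.1
        remote {
            auth = pubkey
            id = "C=CH, O=Example"   # no revocation key: default applies
        }
    }
    sgateway2-demo {
        remote {
            auth = pubkey
            revocation = strict
        }
    }
}
"""

def parse(text):
    """Simplified parser: one 'name {', 'key = value' or '}' per line."""
    stack = [{}]
    for raw in text.splitlines():
        line = re.sub(r"#.*", "", raw).strip()  # naive comment stripping
        if line.endswith("{"):
            section = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            stack[-1][key.strip()] = value.strip().strip('"')
    return stack[0]

def non_strict_remotes(text):
    """List (connection, section, policy) where revocation is not strict."""
    findings = []
    for name, conn in parse(text).get("connections", {}).items():
        for sec, body in conn.items():
            # remote, remote-1, ... are auth sections; remote_addrs is a plain key
            if sec.startswith("remote") and isinstance(body, dict):
                policy = body.get("revocation", "relaxed")  # swanctl.conf default
                if policy != "strict":
                    findings.append((name, sec, policy))
    return findings
```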