[strongSwan] Strongswan caching CRL's when setting is set to "no"
Eric Germann
ekgermann at semperen.com
Sun May 29 22:56:27 CEST 2022
I’m gradually rolling out spokes to a number of remote sites using pfSense (at the core) and strongSwan at the end of the spokes. I am trying to achieve dynamic CRL checks and not having much luck. The CRL is hosted in AWS S3 and is fetched successfully the first time around. When IKE reauthenticates, the log says it is loading the CRL from the directory (which has nothing in it). Also, forcing “rereadcrls” doesn’t cause a new fetch. The “files” and “curl” plugins are loaded.
Thoughts? Pertinent config is
config setup
    cachecrls = no
    uniqueids = yes
    strictcrlpolicy = yes

ca IPSecCA
    auto = add
    crluri = <S3 hosting URL which works>
    cacert = "semperen-ca.crt"
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann <https://www.linkedin.com/in/ericgermann>
Medium: https://ekgermann.medium.com <https://ekgermann.medium.com/>
Twitter: @ekgermann
Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1