Hi all,
maybe I got something wrong with the automatic fetching of CRLs via
http, so I really need your help here...
I thought that pluto downloads the CRL from the configured URI every 60
seconds (I have configured crlcheckinterval=60) no matter if pluto has
already a valid CRL or not. But it
Hi Andreas,
simple but powerful solution! ;)
It works now:
Feb 17 11:36:02 vpn charon: 13[CFG] checking certificate status of
"C=DE, ST=Sachsen, L=Leipzig, O=StrongSWAN Project, OU=StrongSWAN PKI,
CN=User003, e=user...@project.lan"
Feb 17 11:36:02 vpn charon: 13[CFG] fetching crl from
'http:
ashish mahalka wrote:
> establishes SA b/w the peers, it should over-write those discard
> policies and install ipsec policies in the kernel. Is this possible ?
Hi Ashish,
sorry, but I do not like this idea much. With your design, both,
strongSwan and your shell scripts access the policy databas