Re: [strongSwan] revoke certification with out "ipsec restart"

2017-09-07 Thread Nimo
Hi Tobias, >> I don't want to use "ipsec restart" because other IPsec sessions are >> disconnected. >> How can I make enabled the revocation without disconnecting other's >> IPsec session ? > > You used the same crlNumber for your second CRL. So it didn't replace > the CRL that you loaded before

[strongSwan] commit 6b57790270fb07c579315c70ecce34f8ad9a4d63 is different when it comes to libcharon

2017-09-07 Thread Jaehong Park
Hi Martin. 6b57790270fb07c579315c70ecce34f8ad9a4d63 If a system uses routing metrics, we should honor them when doing (manual) routing lookups for IKE. When enumerating routes, the kernel reports priorities with the RTA_PRIORITY attribute, not RTA_METRICS. We prefer routes with a lower priority

Re: [strongSwan] revoke certification with out "ipsec restart"

2017-09-07 Thread Tobias Brunner
Hi Nimo, > I don't want to use "ipsec restart" because other IPsec sessions are > disconnected. > How can I make enabled the revocation without disconnecting other's > IPsec session ? You used the same crlNumber for your second CRL. So it didn't replace the CRL that you loaded before (this is

[strongSwan] Help Site-to-Site configuration error installing route with policy

2017-09-07 Thread Olivier CALVANO
Hi, I have a problem with a new Site-to-Site configuration of strongSwan: ipsec.conf: config setup charondebug="knl 2, cfg 2" conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 authby=secret keyexchange=ikev1

Re: [strongSwan] VICI and multiple threads

2017-09-07 Thread Tobias Brunner
Hi Anthony, > ? is the VICI library considered thread safe > > Can a host use multiple threads to access the library functions. You can't share VICI connections between threads, but multiple threads can call the library functions and operate on separate connections. For third-party tools you