Hi Martin,
*Does that host have access to 10.206.1.11 without the IPsec tunnel?* No, every other protocol data between .10 and .11 are encrypted. Let me check my by making the tunnel more specific. Thanks for the information and hints. Regards, Sriram. On Fri, Jan 17, 2014 at 4:53 PM, Martin Willi <mar...@strongswan.org> wrote: > > > Jan 17 06:57:21 localhost charon: 02[LIB] sending http request to > 'http://10.206.1.11:8880'... > > Jan 17 06:57:31 localhost charon: 02[LIB] libcurl http request failed: > couldn't connect to host > > Does that host have access to 10.206.1.11 without the IPsec tunnel? > > Please be aware that you can't use the same IPsec tunnel to fetch OSCP > information that you are trying to establish; that's a chicken-and-egg > problem. Until we have support for exchanging OCSP within IKEv2 > (RFC4806), you'll have to host the OCSP server on a host that IKE peers > have access to without IPsec. > > Regards > Martin > >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users