Hi Eric,
When IKE reauthenticates the log says it is loading crl from the directory (which has nothing in it).
What exactly are you referring to here? Logs?
Also forcing “rereadcrls” doesn’t cause a new fetch. “files” and “curl” plugins are loaded.
If there is a cached CRL (note that `cachecrls` refers to caching CRLs persistently in /etc/ipsec.d/crls, not the in-memory cache) that's still valid, there won't be a new fetch. And the `rereadcrls` command has no effect on this as it only triggers a reload of CRLs from /etc/ipsec.d/crls, it does not purge any in-memory caches (try `purgecrls` for that). Also see this thread [1].
Regards, Tobias [1] https://lists.strongswan.org/pipermail/users/2022-April/015291.html
