Hi,
Assuming the ipsec.conf defines several connections with different left= and
right= values, which source IP@ is used by strongSwan to retrieve CRLs from a
CDP? In our case the URI is an HTTP URI. Charon is used.
Best Regards
Mugur
Hello Mugur,
I don't quite understand your question. Charon does an HTTP-based
CRL fetch using either the curl or soup plugin. The source IP
of the HTTP request belongs to charon's network interface via which
the daemon is able to reach the HTTP server.
Regards
Andreas
On 11/23/2011 05:53 PM,
Hi Andreas,
Thank you for your answer. I wondered if strongSwan does not use a
'bind(2)' syscall to force the source IP@ for corresponding sockets.
But from your answer this seems not to be the case.
Best Regards
Mugur
-Original Message-
From: Andreas Steffen
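To see which source address an unbound socket would get for a given CDP, as in the exchange above, the kernel's routing decision can be queried directly. This is an added example, not strongSwan code and not part of the original messages; the function name and the sample URI are constructed, and the optional `bind_ip` shows what an explicit bind(2) would change.

```python
import socket
from urllib.parse import urlsplit


def cdp_source_addresses(cdp_uri, bind_ip=None):
    """Return [(destination_ip, source_ip)] for every address the CDP host resolves to.

    With bind_ip=None the kernel chooses the source address from its routing
    table. With bind_ip set, the socket is bound first, as bind(2) would do.
    source_ip is None when there is no route or bind_ip is not usable.
    """
    parts = urlsplit(cdp_uri)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    results = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            parts.hostname, port, type=socket.SOCK_DGRAM):
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            try:
                if bind_ip is not None:
                    s.bind((bind_ip, 0))
                # connect() on a UDP socket only performs the route lookup;
                # no packet is sent to the CDP host.
                s.connect(sockaddr)
                source = s.getsockname()[0]
            except OSError:
                # No route, wrong address family, or bind_ip is not local.
                source = None
            results.append((sockaddr[0], source))
    return results


if __name__ == "__main__":
    uri = "http://127.0.0.1:8080/ca.crl"  # constructed sample CDP URI
    print("kernel-chosen:", cdp_source_addresses(uri))
    print("forced bind:  ", cdp_source_addresses(uri, bind_ip="127.0.0.1"))
    # 192.0.2.1 is a documentation address, normally not configured locally
    print("non-local bind:", cdp_source_addresses(uri, bind_ip="192.0.2.1"))
```

Run on the gateway against the real CDP URI, the first result is the address to allow in firewall rules between the gateway and the CRL server.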
Hello,
Our understanding in case of setting strictcrlpolicy to **no** for charon is
that strongSwan denies the authentication if the certificate appears in the
fetched CRL. But, if the certificate does not specify a URI or if the CRL
can't be fetched, the authentication is not denied.
Can you