Aha, since the pluto daemon is not fully multi-threaded, the second thread used for asynchronous crl fetching must be activated by setting crlcheckinterval > 0 seconds as in
config setup crlcheckinterval=600 which would check for a fresh crl every ten minutes. This parameter is ignored by the IKEv2 daemon since charon fetches CRLs synchronously within the current thread. Best regards Andreas Mustonen, Juha wrote: > I have test a setup where CRL is fetched from LDAP server. With IKEv2 > the setup works, with IKEv1 it does not. Only difference between these > is the value of keyexchange parameter in ipsec.conf. Strongswan version > is 4.3.3. Any idea what could be the reason for this? > > Regards, > > Juha ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users