Aha, since the pluto daemon is not fully multi-threaded, the second
thread used for asynchronous CRL fetching must be activated by setting
crlcheckinterval > 0 seconds as in

config setup
        crlcheckinterval=600

which would check for a fresh CRL every ten minutes. This parameter
is ignored by the IKEv2 daemon since charon fetches CRLs synchronously
within the current thread.

Best regards

Andreas

Mustonen, Juha wrote:
> I have tested a setup where CRL is fetched from LDAP server. With IKEv2
> the setup works, with IKEv1 it does not. The only difference between these
> is the value of keyexchange parameter in ipsec.conf. strongSwan version
> is 4.3.3. Any idea what could be the reason for this?
> 
> Regards,
> 
> Juha

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
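
A check for the situation described in this thread, as an added example that is not part of the original messages or of strongSwan itself: it parses an ipsec.conf and lists conns with keyexchange=ikev1 when crlcheckinterval in config setup is missing or not greater than 0. The function names and the sample file are constructed; it assumes the interval is a plain number of seconds, counts only conns that set keyexchange=ikev1 explicitly, and does not follow also= or %default inheritance.

```python
# Added example: find IKEv1 (pluto) conns in an ipsec.conf whose
# "config setup" leaves crlcheckinterval unset or at 0.

SAMPLE_CONF = """\
# constructed sample, not from the original post
config setup
        crlcheckinterval=0

conn rw-ikev1
        keyexchange=ikev1
        left=%any

conn rw-ikev2
        keyexchange=ikev2
        left=%any
"""

def parse_ipsec_conf(text):
    """Return {section header: {key: value}} for 'config setup' / 'conn <name>'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            current = " ".join(line.split())
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return sections

def ikev1_conns_without_crl_refresh(text):
    """Names of explicit IKEv1 conns when crlcheckinterval is not > 0."""
    sections = parse_ipsec_conf(text)
    raw = sections.get("config setup", {}).get("crlcheckinterval", "0")
    try:
        interval = int(raw)                       # assumption: plain seconds
    except ValueError:
        interval = 0
    if interval > 0:
        return []
    return sorted(
        header.split(None, 1)[1]
        for header, opts in sections.items()
        if header.startswith("conn ") and opts.get("keyexchange") == "ikev1"
    )

if __name__ == "__main__":
    for conn in ikev1_conns_without_crl_refresh(SAMPLE_CONF):
        print(f"conn {conn}: keyexchange=ikev1 but crlcheckinterval is not > 0")
```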