Hmmm, its seems that the curl plugin is required to refetch CRLs from the local file system. Compile strongSwan with
./configure --enable-curl Regards Andreas On 24.06.2010 11:51, Claude Tompers wrote:
Hello, My strongswan server is unable to refetch crls. When the server starts, it reads the crl correctly, but if a client tries to connect, the refetch fails and so the connection fails. Here's the log : Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ... Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem, no capable fetcher found Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from 'VPNCA-crl.pem' ... Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from VPNCA-crl.pem, no capable fetcher found Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed Jun 24 11:46:46 vpn6-test pluto[13321]: "cisco-vpn"[1] 192.168.1.180:59262 #1: X.509 certificate rejected The permissions on the crl are : -rw------- 1 root root 1064 May 21 08:13 /usr/local/etc/ipsec.d/crls/VPNCA-crl.pem Any ideas ? thanks very much Claude
====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
