Hi Claude, if you are using an explicit pluto.load statement in strongswan.conf then you must add curl to the plugin list.
Andreas On 24.06.2010 12:52, Claude Tompers wrote:
Thanks for your fast answer. I did recompile, the error message is now slightly different, but the outcome is the same. :( Jun 24 12:47:48 vpn6-test pluto[1705]: fetching crl from 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ... Jun 24 12:47:48 vpn6-test pluto[1705]: crl from May 21 08:12:40 2010 is not newer - existing crl from May 21 08:12:40 2010 retained Jun 24 12:47:48 vpn6-test pluto[1705]: fetching crl from 'VPNCA-crl.pem' ... Jun 24 12:47:48 vpn6-test pluto[1705]: unable to fetch from VPNCA-crl.pem, no capable fetcher found Jun 24 12:47:48 vpn6-test pluto[1705]: crl fetching failed Jun 24 12:47:48 vpn6-test pluto[1705]: "cisco-vpn"[1] 192.168.1.180:64053 #1: X.509 certificate rejected regards, Claude On Thursday 24 June 2010 11:59:03 Andreas Steffen wrote:Hmmm, its seems that the curl plugin is required to refetch CRLs from the local file system. Compile strongSwan with ./configure --enable-curl Regards Andreas On 24.06.2010 11:51, Claude Tompers wrote:Hello, My strongswan server is unable to refetch crls. When the server starts, it reads the crl correctly, but if a client tries to connect, the refetch fails and so the connection fails. Here's the log : Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from 'file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem' ... Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from file:///usr/local/etc/ipsec.d/crls/VPNCA-crl.pem, no capable fetcher found Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed Jun 24 11:46:46 vpn6-test pluto[13321]: fetching crl from 'VPNCA-crl.pem' ... Jun 24 11:46:46 vpn6-test pluto[13321]: unable to fetch from VPNCA-crl.pem, no capable fetcher found Jun 24 11:46:46 vpn6-test pluto[13321]: crl fetching failed Jun 24 11:46:46 vpn6-test pluto[13321]: "cisco-vpn"[1] 192.168.1.180:59262 #1: X.509 certificate rejected The permissions on the crl are : -rw------- 1 root root 1064 May 21 08:13 /usr/local/etc/ipsec.d/crls/VPNCA-crl.pem Any ideas ? thanks very much Claude
====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
