Hello Yong Choo, you can do that with an explicit load statement in strongswan.conf.
Just prepare two versions of strongswan.conf - one with the revocation plugin in the load statement and one without it. Depending on the situation you either start strongSwan with one strongswan.conf or the second one. Is this dynamical enough? Regards Andreas On 09.01.2012 20:59, Yong Choo wrote: > Searching in database, I came up on the following in > http://www.mail-archive.com/[email protected]/msg03918.html > So, the question is 'how not to load the revocation plugin when it is > already enabled by default?' > > -----Original Message----- > From: Andreas Steffen [mailto:[email protected]] > Sent: jeudi 24 novembre 2011 12:51 > To: ABULIUS, MUGUR (MUGUR) > Cc: [email protected]; SCARAZZINI, FABRICE (FABRICE); Pisano, > Stephen > G (Stephen); WASNIEWSKI, ALAIN (ALAIN) > Subject: Re: [strongSwan] How to bypass CRL checks? > > Hello Mugur, > > with IKEv2 revocation checks can be easily disabled by not loading the > revocation plugin. What is not possible is to disable CRL checking on a per > connection definition basis. > > Regards > > Andreas > > > > On 1/9/2012 12:30 PM, Yong Choo wrote: >> Hi, >> Looking at http://wiki.strongswan.org/projects/1/wiki/441, >> OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, >> enabled >> by default. Plase update manual load directives in strongswan.conf. >> >> How can I disable this plugin dynamically? We have a need of >> dynamically controlling the loading of plugin at run-time. >> >> Thanks Much, >> -Yong Choo ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
