Hi,

Here is the scenario:

An IPsec CRL is present in /etc/ipsec.d/crls for the revoked certificate of
the other side.
The IPsec tunnel is not established since the certificate is revoked.

Now remove the CRL file from /etc/ipsec.d/crls/ and run these commands:

ipsec purgecrls
ipsec rereadcrls

Expected behaviour:
The IPsec CRL cache should be flushed after purgecrls.

Now when ipsec rereadcrls is invoked, since there are no CRLs in
/etc/ipsec.d/crls, there should be no CRLs in IPsec and hence ipsec
listcrls should be empty.

Also, the IPsec tunnel should now get established without restarting ipsec.


Actual behaviour:
The ipsec purgecrls command does not flush the CRL cache. We have verified
this using the ipsec listcrls command after flushing.

The IPsec tunnel is not established after the CRL is removed without a restart.




Thanks and regards,
Shobhit