Hi, Double check two things:
1 - Make sure the revocation plugin is loaded, use "ipsec statusall"
2- Make sure the crl is loaded, use " ipsec listcrls" --Jafar On 9/24/2021 3:14 PM, Modster, Anthony wrote:
Hello Does setting strict CRL policy to yes still work ? The CRL’s for TA and SCA are removed. Was expecting the VPN tunnel not to make a connection. strongSwan 5.8.2 # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup charondebug="ike 2,cfg 2" strictcrlpolicy=yes # uniqueids = no Teledyne Confidential; Commercially Sensitive Business Data
