Test ikev2/crl-revoked

strongSwan KVM Tests / ikev2 / crl-revoked

Test ikev2/crl-revoked

Description

By setting revocation = strict a strict CRL policy is enforced on both roadwarrior carol and gateway moon. The remote host carol initiates the connection and presents a certificate that has been revoked by the current CRL causing the IKE negotiation to fail.

console.log

moon

swanctl.conf
swanctl --list-conns
swanctl --list-certs
strongswan.conf
ipsec.sql

swanctl --list-sas|--list-pols
swanctl --list-pools
swanctl --list-authorities
swanctl --stats|--list-algs
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L
iptables-save

carol

swanctl.conf
swanctl --list-conns
swanctl --list-certs
strongswan.conf
ipsec.sql

swanctl --list-sas|--list-pols
swanctl --list-pools
swanctl --list-authorities
swanctl --stats|--list-algs
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L
iptables-save

Test ikev2/crl-revoked

Description

moon

carol

tcpdump