Test ikev2/crl-to-cache

strongSwan KVM Tests / ikev2 / crl-to-cache

Test ikev2/crl-to-cache

Description

By setting cache_crls = yes in /etc/strongswan.conf, a copy of both the base CRL and the latest delta CRL fetched via http from the web server winnetou is saved locally in the directory /etc/swanctl/x509crl on both the roadwarrior carol and the gateway moon when the IPsec connection is set up. The subjectKeyIdentifier of the issuing CA plus the suffixes .crl and _delta.crl are used as unique filename for the cached base CRL and delta CRL, respectively.

console.log

moon

swanctl.conf
swanctl --list-conns
swanctl --list-certs
strongswan.conf
ipsec.sql

swanctl --list-sas|--list-pols
swanctl --list-pools
swanctl --list-authorities
swanctl --stats|--list-algs
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L
iptables-save

carol

swanctl.conf
swanctl --list-conns
swanctl --list-certs
strongswan.conf
ipsec.sql

swanctl --list-sas|--list-pols
swanctl --list-pools
swanctl --list-authorities
swanctl --stats|--list-algs
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L
iptables-save