[Openswan Users] Dynamic CRL fetching

Gregor Bethlen saphira at bethlen.de
Thu Aug 19 13:23:44 CEST 2004


I tried the dynamic CRL fetching, but I failed. Maybe I did something wrong (in fact, I think I did).

I putted


in ipsec.conf. I changed the Makefile of pluto to use Ldap v3. I installed openldap2-devel and curl-devel (not sure if I need the later one). make programs && make install

When I try to establish a connection between a Windows-VPN-RW and the Openswan-installation, I get a connection. But doing a

ipsec auto --listcrls

lists only the crls stored in ipsec.d/crls, it seems the system does not fetch any other crls. I doesn't show the "distPts:"-entry on the --listscrls-entry.

I got 2 CDPs defined in each certificate, 1 HTTP and 1 LDAP. None works.

Is there another thing I must do to activate dynamic crl-fetching?

I'm working with openswan-2.1.4 on SuSE Linux 9.1. Along with this comes openssl 0.9.7d which has some bugs, but since everything else works fine ...

Thanks for your help,

Aufnehmen, abschicken, nah sein - So einfach ist 
WEB.DE Video-Mail: http://freemail.web.de/?mc=021200

More information about the Users mailing list