Configuring OCSP FQDN Resolution on a specific network interface #2257
Replies: 3 comments 3 replies
-
Configure the routes differently?
-
Thanks @tobiasbrunner. Does it mean that the OCSP URL will be resolved using libcurl, but traffic towards the resolved IP (OCSP responder) will be sent using the source IP mentioned in the "local_addrs=" parameter in swanctl.conf? We tested this scenario. The observation is that the OCSP request is going via the default interface. But we want the OCSP request to go via the IP mentioned in the "local_addrs=" parameter. How can this be achieved?
-
Thanks @tobiasbrunner. Does the OCSP request go via the default interface or via the "local_addrs" configured in swanctl.conf?
-
We are using strongSwan 5.9.14 with OCSP enabled in strongswan.conf and revocation=ifuri set in swanctl.conf.
Currently, the OCSP FQDN resolution occurs on the interface where the default route is configured.
We need the OCSP FQDN resolution to be performed using a different interface (i.e. netcsec). How can we achieve this?
Note: Currently the netcsec interface is used to communicate with the security gateway.
Pasting the outputs below:
ip addr show
ip route show
ip rule list
ip route show table 101