FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
301 views 0 comments
by anonymous

Hi everyone,

We have a x509 certificate with extensions:

  •   Authority Information Access: OCSP
  • X509v3 CRL Distribution Points

The teltonika RUT240 does not succeed in validating the certificate by constraint because the curl module is missing:

The output  error log is the following:

unable to fetch from http://ipa-ca.exemple.com/ca/ocsp, no capable fetcher found

The statusall output is:

Status of IKE charon daemon (strongSwan 5.6.2, Linux 3.18.44, mips):
  uptime: 4 minutes, since Mar 30 11:57:34 2021
  malloc: sbrk 131072, mmap 0, used 110072, free 21000
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
  loaded plugins: charon aes des sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem gmp xcbc hmac kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
  192.168.121.45
  2a01:e34:ec1a:acc0:21e:42ff:fe2d:33a9
  192.168.154.254

The AUTH exchange the both peers is OK.

However, the curl module is missing in charon by strongswan so none HTTP fetcher is available.

The firmware is :

  • RUT 240 : FW ver.: RUT2XX_R_00.01.14

Do you know how can I have this module enable with the firmware or on my router?

Thanks in advance.

1 Answer

0 votes
by anonymous

Hello,

You can install the strongswan curl module, from a ssh console do:

opkg update
opkg install strongswan-mod-curl

and restart ipsec.

Regards,

Best answer