OPNsense Forum

English Forums => General Discussion => Topic started by: Spirit on September 02, 2017, 12:36:18 pm

Title: Local CA, remains even if deleted
Post by: Spirit on September 02, 2017, 12:36:18 pm
Hi,

I found some strange behavior with the local CA.

Here is the story to reproduce the issue.
I installed one BFW ready with a CA and a VPN (VPN without CA, but with PSK).
After I was done, I took a backup and put it into FW number 2.
Created a new CA, removed the CA from FW1 (it was there due to the backup/restore) and changed the VPN, local network and WAN IPs.

Now I found this in the VPN log from FW2 (sanitized the log file):

Sep 2 11:58:35    charon: 08[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Sep 2 11:58:35    charon: 08[CFG] loaded ca certificate "C=DE, ST=Land, L=Stadt1, O=friend1, E=xxx@gmx.de, CN=internal-ca-CO-FW02" from '/usr/local/etc/ipsec.d/cacerts/xxxxxxxx.0.crt'
Sep 2 11:58:35    charon: 08[CFG] loaded ca certificate "C=DE, ST=NRW, L=Stadt2, O=me, E=yyy@email.com, CN=internal-ca-FW01" from '/usr/local/etc/ipsec.d/cacerts/yyyyyyyy.0.crt'
Sep 2 11:58:35    charon: 08[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'

It seems that it is still reading the yyyyyyyy.0.crt, which was deleted by me within the console. It is also not visible any more.

I reproduced the issue with version 17.7.
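As an added example (not the original poster's code, and not part of OPNsense or strongSwan), the following Python pulls the "loaded ca certificate" events out of charon log lines like the ones quoted above and flags any CA whose CN is not in the set you expect the GUI to have deployed. The log lines embedded in it are constructed from the sanitized lines in the post, and the expected-CN set is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Matches strongSwan charon lines of the form:
#   charon: 08[CFG] loaded ca certificate "<DN>" from '<path>'
LOADED_CA_RE = re.compile(
    r"""charon: \d+\[CFG\] loaded ca certificate "(?P<dn>[^"]*)" from '(?P<path>[^']*)'"""
)


@dataclass(frozen=True)
class LoadedCA:
    """One CA certificate that charon reported as loaded from the cacerts directory."""
    dn: str
    cn: Optional[str]
    path: str


def cn_from_dn(dn: str) -> Optional[str]:
    """Pull the CN attribute out of a comma-separated DN string as charon prints it."""
    for part in dn.split(", "):
        if part.startswith("CN="):
            return part[len("CN="):]
    return None


def parse_loaded_cas(lines: Iterable[str]) -> List[LoadedCA]:
    """Extract every 'loaded ca certificate' event; other charon lines are ignored."""
    found: List[LoadedCA] = []
    for line in lines:
        m = LOADED_CA_RE.search(line)
        if m is None:
            continue
        dn = m.group("dn")
        found.append(LoadedCA(dn=dn, cn=cn_from_dn(dn), path=m.group("path")))
    return found


def stale_cas(loaded: Iterable[LoadedCA], expected_cns: Set[str]) -> List[LoadedCA]:
    """Return the loaded CAs whose CN is not in the set the GUI should have deployed.

    Anything returned here is a file charon found on disk that the configuration
    no longer accounts for, i.e. a candidate leftover in the cacerts directory.
    """
    return [ca for ca in loaded if ca.cn not in expected_cns]


# Constructed sample, modelled on the sanitized lines in the post above.
SAMPLE_LOG = [
    "Sep 2 11:58:35    charon: 08[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'",
    "Sep 2 11:58:35    charon: 08[CFG] loaded ca certificate \"C=DE, ST=Land, L=Stadt1, O=friend1, E=xxx@gmx.de, CN=internal-ca-CO-FW02\" from '/usr/local/etc/ipsec.d/cacerts/xxxxxxxx.0.crt'",
    "Sep 2 11:58:35    charon: 08[CFG] loaded ca certificate \"C=DE, ST=NRW, L=Stadt2, O=me, E=yyy@email.com, CN=internal-ca-FW01\" from '/usr/local/etc/ipsec.d/cacerts/yyyyyyyy.0.crt'",
    "Sep 2 11:58:35    charon: 08[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'",
]

# Assumed for illustration: only the CA created on FW2 should still be present.
EXPECTED_CNS = {"internal-ca-CO-FW02"}

if __name__ == "__main__":
    for ca in stale_cas(parse_loaded_cas(SAMPLE_LOG), EXPECTED_CNS):
        print(f"stale CA still loaded: CN={ca.cn} file={ca.path}")
```

The list charon prints at startup is exactly what it found in /usr/local/etc/ipsec.d/cacerts on disk, so an entry flagged by this check points at a file to look for in that directory rather than at anything in the GUI's certificate list.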