author Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2018-09-05 14:10:18 +0300
committer Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2018-09-05 14:13:26 +0300
commit 265aaf936458d4732e0fc10ba558a36129239a9a
tree 96cb7104933ce6ad5a1a97902436cbc9b952625b /README.md
parent 914f1ba712a798ecfe77e87567d13b23510f0797
README: CRL distribution
Diffstat (limited to 'README.md')
1 files changed, 21 insertions, 0 deletions
diff --git a/README.md b/README.md
index 44594a1..22ed21c 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,11 @@ configuration is used:
- ''
- ''
- 'fd00::/32'
+ dist-point: 'http://crl.example.com/dmvpn-ca.crl'
+ lifetime: 1800
+ renewal: 1200
The `hosts` attribute specifies the IPv4 addresses of the hubs or DNS name(s)
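Review bot: The added `lifetime: 1800` and `renewal: 1200` values carry no unit, and nothing in the lines shown here says how the two relate. Suggest stating the unit next to the example or in the attribute description and, if `renewal` is the interval at which the CRL is re-issued, noting that it has to stay below `lifetime` so a fresh CRL is published before the previous one expires. Because `dist-point` is a plain `http://` URL, one sentence saying that the CRL's integrity rests on the CA signature rather than on the transport would also help readers.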
@@ -29,6 +34,9 @@ The `subnets` attribute is a list of subnets used in the VPN. This should
include the address ranges of all sites and the GRE tunnel addresses. In this
example, the following IP address scheme is used:
+The `crl` object should be left out unless the CRL distribution point will be
<tr><td>Hub GRE address</td><td>172.18.0.&lt;hub id&gt;</td><td>fd00::&lt;hub id&gt;</td></tr>
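Review bot: The new `crl` paragraph is placed directly after "the following IP address scheme is used:" and ahead of the address table, so as shown here it separates that sentence from the table it introduces. Suggest moving the paragraph next to the descriptions of the other attributes (before the `subnets` text) or below the table. It would also be worth saying what happens to revocation checking when the `crl` object is left out.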
@@ -92,6 +100,19 @@ private key, and the root certificate. The password is embedded in the file
name. The file should be renamed when using out-of-band delivery for the
+## Setting Up CRL Distribution Point
+In this example, the CA host serves also as the CRL distribution point. It is
+assumed that `crl.example.com` resolves to the IP address of that host.
+Execute the following commands on the CA host to set up CRL distribution:
+<pre>apk add dmvpn-crl-dp
+rc-update add lighttpd
+rc-service lighttpd start
## Setting Up a Hub
Install the `dmvpn` package on the host to be configured as a DMVPN hub. It is
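Review bot: The new section stops at `rc-service lighttpd start` with no step to confirm that the CRL is actually served at the `dist-point` URL from the configuration example. Suggest adding a check, such as fetching `http://crl.example.com/dmvpn-ca.crl` from another host, and stating that the hosts validating certificates need HTTP access to the CA host. The text assumes `crl.example.com` resolves to the CA host; saying which hosts must be able to resolve it would remove the ambiguity.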