From 265aaf936458d4732e0fc10ba558a36129239a9a Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Wed, 5 Sep 2018 14:10:18 +0300 Subject: README: CRL distribution --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 44594a1..22ed21c 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,11 @@ configuration is used: - '10.0.0.0/8' - '172.18.0.0/16' - 'fd00::/32' + +crl: + dist-point: 'http://crl.example.com/dmvpn-ca.crl' + lifetime: 1800 + renewal: 1200 The `hosts` attribute specifies the IPv4 addresses of the hubs or DNS name(s) @@ -29,6 +34,9 @@ The `subnets` attribute is a list of subnets used in the VPN. This should include the address ranges of all sites and the GRE tunnel addresses. In this example, the following IP address scheme is used: +The `crl` object should be left out unless the CRL distribution point will be +configured. + @@ -92,6 +100,19 @@ private key, and the root certificate. The password is embedded in the file name. The file should be renamed when using out-of-band delivery for the password. +## Setting Up CRL Distribution Point + +In this example, the CA host serves also as the CRL distribution point. It is +assumed that `crl.example.com` resolves to the IP address of that host. + +Execute the following commands on the CA host to set up CRL distribution: + +
apk add dmvpn-crl-dp
+dmvpn-crl-update
+rc-update add lighttpd
+rc-service lighttpd start
+
+ ## Setting Up a Hub Install the `dmvpn` package on the host to be configured as a DMVPN hub. It is -- cgit v1.2.3
IPv4IPv6
Hub GRE address172.18.0.<hub id>fd00::<hub id>
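Review bot: In the first hunk (`@@ -19,6 +19,11 @@`), `lifetime: 1800` and `renewal: 1200` are added to the sample configuration without a unit or any description. The only prose this patch adds about the `crl` object says when to leave it out. Please describe the three attributes alongside the existing `hosts` and `subnets` paragraphs: what `dist-point` is used for, the unit of `lifetime` and `renewal`, and how the two values must relate to each other so that a fresh CRL is always available before the previous one expires.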
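Review bot: In the second hunk (`@@ -29,6 +34,9 @@`), the new paragraph is inserted directly after the context line "In this example, the following IP address scheme is used:", so it ends up between that sentence and the address table it introduces. Move "The `crl` object should be left out unless the CRL distribution point will be configured." above the `subnets` paragraph or below the table. It would also be worth stating what leaving the object out means for revocation checking, so the reader can make that choice knowingly.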
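Review bot: In the third hunk (`@@ -92,6 +100,19 @@`), the setup steps run `dmvpn-crl-update` once by hand, while the sample configuration gives the CRL a `lifetime` of 1800, and the section does not say how the CRL is regenerated after that. If the `dmvpn-crl-dp` package schedules the update itself, say so; otherwise add the step that does. The section also starts lighttpd on the CA host ("the CA host serves also as the CRL distribution point"), which places a network-facing web server on the machine holding the CA key. A sentence on restricting what lighttpd serves and who can reach it, or on publishing the CRL from a separate host, would help, as would a final step for checking that the `dist-point` URL actually returns the CRL.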