NHRPd has never automatically created the SA. The only way I could do this
was with the manual swanctl command yesterday.
Also there are no error messages.
I'll try those commands shortly.
Cheers,
Jon.
On Tue, 1 Aug 2017 at 09:54 Timo Teras <timo.te...@iki.fi> wrote:
> On Tue, 01 Aug 2017 08:49:07 +0000
> "M87tech [Jon]" <m87t...@gmail.com> wrote:
>
> > I think that is why there is not automatic SA established, because
> > there is no GRE traffic to trigger the swanctl policy in the first
> > place. Thats why only the manual command establishes the child SA.
>
> No. Again, nhrpd requests strongSwan to establish SA. Until strongSwan
> acks active SA back to nhrpd, it's not going to attempt to send any
> nhrp messages. In dmvpn nhrp is driving IKE; IKE is not being driven by
> the traffic acquire like in ike tunnel mode.
>
> So after starting from clean slate. Is strongSwan now establishing
> SA's? Are they fully established?
>
> What does say:
> swanctl --list-conns
> swanctl --list-sas
>
> And nhrpd's:
> show dmvpn
> show ip nhrp cache
>
> Timo
>
--
M87 TECH
Jon Clayton
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
