Re: [opennhrp-devel] nhrpd / quagga frr 3.0

Tue, 01 Aug 2017 04:56:40 -0700 

Here are the results:

root@hub2-nhrp:/home/jon#  swanctl --list-conns
dmvpn: IKEv2, reauthentication every 46800s, rekeying every 14400s
  local:  %any
  remote: %any
  local pre-shared key authentication:
    id: hub2@optimusnetworks.cloud
  remote pre-shared key authentication:
    id: hub6@optimusnetworks.cloud
  dmvpn: TRANSPORT, rekeying every 6000s
    local:  dynamic[gre]
    remote: dynamic[gre]


root@hub2-nhrp:/home/jon#  swanctl --list-sas
^^^ no output here

hub2-nhrp#  show dmvpn
Src                      Dst                      Flags  SAs  Identity

(unspec)                 51.15.49.245             n      0

hub2-nhrp#  show ip nhrp cache
% No entries



hub2-nhrp#

On Tue, 1 Aug 2017 at 10:02 M87tech [Jon] <m87t...@gmail.com> wrote:

> NHRPd has never automatically created the SA.  The only way I could do
> this was with the manual swanctl command yesterday.
>
> Also there are no error messages.
>
> I'll try those commands shortly.
>
> Cheers,
> Jon.
>
> On Tue, 1 Aug 2017 at 09:54 Timo Teras <timo.te...@iki.fi> wrote:
>
>> On Tue, 01 Aug 2017 08:49:07 +0000
>> "M87tech [Jon]" <m87t...@gmail.com> wrote:
>>
>> > I think that is why there is not automatic SA established, because
>> > there is no GRE traffic to trigger the swanctl policy in the first
>> > place.  Thats why only the manual command establishes the child SA.
>>
>> No. Again, nhrpd requests strongSwan to establish SA. Until strongSwan
>> acks active SA back to nhrpd, it's not going to attempt to send any
>> nhrp messages. In dmvpn nhrp is driving IKE; IKE is not being driven by
>> the traffic acquire like in ike tunnel mode.
>>
>> So after starting from clean slate. Is strongSwan now establishing
>> SA's? Are they fully established?
>>
>> What does say:
>>  swanctl --list-conns
>>  swanctl --list-sas
>>
>> And nhrpd's:
>>  show dmvpn
>>  show ip nhrp cache
>>
>> Timo
>>
> --
> M87 TECH
> Jon Clayton
>
> --
M87 TECH
Jon Clayton

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel

Reply via email to