root@hub2-nhrp:/home/jon#  swanctl --list-conns
dmvpn: IKEv2, reauthentication every 46800s, rekeying every 14400s
  local:  %any
  remote: %any
  local pre-shared key authentication:
    id: hub2@optimusnetworks.cloud
  remote pre-shared key authentication:
    id: hub6@optimusnetworks.cloud
  dmvpn: TRANSPORT, rekeying every 6000s
    local:  dynamic[gre]
    remote: dynamic[gre]


root@hub2-nhrp:/home/jon#  swanctl --list-sas


root@hub2-nhrp:/home/jon# vtysh

This is a git build of frr-3.0-rc0-1039-gff9f629d

hub2-nhrp#  show dmvpn
Src                      Dst                      Flags  SAs  Identity

(unspec)                 51.15.49.245             n      0


hub2-nhrp#  show ip nhrp cache
% No entries



hub2-nhrp#





On Tue, 1 Aug 2017 at 12:55 M87tech [Jon] <m87t...@gmail.com> wrote:

> Here are the results:
>
> root@hub2-nhrp:/home/jon#  swanctl --list-conns
> dmvpn: IKEv2, reauthentication every 46800s, rekeying every 14400s
>   local:  %any
>   remote: %any
>   local pre-shared key authentication:
>     id: hub2@optimusnetworks.cloud
>   remote pre-shared key authentication:
>     id: hub6@optimusnetworks.cloud
>   dmvpn: TRANSPORT, rekeying every 6000s
>     local:  dynamic[gre]
>     remote: dynamic[gre]
>
>
> root@hub2-nhrp:/home/jon#  swanctl --list-sas
> ^^^ no output here
>
> hub2-nhrp#  show dmvpn
> Src                      Dst                      Flags  SAs  Identity
>
> (unspec)                 51.15.49.245             n      0
>
> hub2-nhrp#  show ip nhrp cache
> % No entries
>
>
>
> hub2-nhrp#
>
> On Tue, 1 Aug 2017 at 10:02 M87tech [Jon] <m87t...@gmail.com> wrote:
>
>> NHRPd has never automatically created the SA.  The only way I could do
>> this was with the manual swanctl command yesterday.
>>
>> Also there are no error messages.
>>
>> I'll try those commands shortly.
>>
>> Cheers,
>> Jon.
>>
>> On Tue, 1 Aug 2017 at 09:54 Timo Teras <timo.te...@iki.fi> wrote:
>>
>>> On Tue, 01 Aug 2017 08:49:07 +0000
>>> "M87tech [Jon]" <m87t...@gmail.com> wrote:
>>>
>>> > I think that is why there is no automatic SA established, because
>>> > there is no GRE traffic to trigger the swanctl policy in the first
>>> > place.  That's why only the manual command establishes the child SA.
>>>
>>> No. Again, nhrpd requests strongSwan to establish SA. Until strongSwan
>>> acks active SA back to nhrpd, it's not going to attempt to send any
>>> nhrp messages. In dmvpn nhrp is driving IKE; IKE is not being driven by
>>> the traffic acquire like in ike tunnel mode.
>>>
>>> So after starting from a clean slate. Is strongSwan now establishing
>>> SAs? Are they fully established?
>>>
>>> What do these say:
>>>  swanctl --list-conns
>>>  swanctl --list-sas
>>>
>>> And nhrpd's:
>>>  show dmvpn
>>>  show ip nhrp cache
>>>
>>> Timo
>>>
>> --
>> M87 TECH
>> Jon Clayton
>>
>> --
> M87 TECH
> Jon Clayton
>
> --
M87 TECH
Jon Clayton
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel