Re: [strongSwan] connection disappeared from ipsec statusall

Thu, 22 Sep 2011 06:21:07 -0700

Please remove my email from this list.


-----Original Message-----
From: Felix Shao
Sent: Sep 22, 2011 12:53 AM
To: Andreas Steffen
Cc: [email protected]
Subject: Re: [strongSwan] connection disappeared from ipsec statusall

Sorry, I should have "reply to all":

Hello Andreas,

Thank you for your reply!

but I did not established any SA, as you can see in both case, there is only a "none" in Security Associations: section.

Let me clarify my question:
I have this line in my /etc/ipsec.conf:

include /etc/ipsec.d/conns/*.conn

1.conn and 2.conn are placed in the conn directory with same configuration except connection name,

After I remove file 2.conn from the directory, I expect to see that there is only connection information for 1.conn in Connections section of "ipsec statusall" output,
however, the result is nothing remaining in the Connections section after "ipsec update"

After I restart charon by "ipsec stop" and "ipsec start", the connection information came back.

test result:


root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 2 seconds, since Sep 22 13:39:54 2011

  malloc: sbrk 262144, mmap 0, used 125824, free 136320
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:                  
                       <======================== 1 and 2 are all present in Connections section

           2:  10.2.2.2...10.2.2.1
           2:   local:  [10.2.2.2] uses pre-shared key authentication
           2:   remote: [10.2.2.1] uses any authentication
           2:   child:  dynamic === dynamic
           1:   child:  dynamic === dynamic
Security Associations:
  none
root@myserver:/etc/ipsec.d/conns# mv 2.conn ~/.                            <======================== remove 2.conn from the directory

root@myserver:/etc/ipsec.d/conns# ipsec update
Updating strongSwan IPsec configuration...
root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 28 seconds, since Sep 22 13:39:53 2011
  malloc: sbrk 258048, mmap 0, used 116488, free 141560

  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:                                          <======================== There is nothing left in Connections section
Security Associations:
  none
root@myserver:/etc/ipsec.d/conns# ipsec stop && ipsec start              <========================restart charon
Stopping strongSwan IPsec...
Starting strongSwan 4.5.0 IPsec [starter]...

root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 4 seconds, since Sep 22 13:40:31 2011
  malloc: sbrk 135168, mmap 0, used 123440, free 11728

  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
           1:  10.2.2.2...10.2.2.1                                          <======================== The connection 1 come back
           1:   local:  [10.2.2.2] uses pre-shared key authentication
           1:   remote: [10.2.2.1] uses any authentication

           1:   child:  dynamic === dynamic
Security Associations:
  none


LeRoy Grubbs
SKYPE - 816-565-4300


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to