[Swan-dev] 182 "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}

Andrew Cagney andrew.cagney at gmail.com
Wed Mar 11 14:46:27 UTC 2020


On Wed, 11 Mar 2020 at 09:10, Paul Wouters <paul at nohats.ca> wrote:

> > I pulled the first part of the change as I discovered tests running:
> >   ipsec status | grep STATE_
> > that's wrong at so many levels.
>
> It is, but it was easy. But those can be changed to "ipsec briefstatus"
> which also just displays the states, without depending on the STATE_
> string. But it will change the output slightly so it will require fixing
> up a bunch of tests.

Is that sufficient.  For instance:

--- MASTER/testing/pluto/certoe-18-pass-then-go-slash24-keyingtries1/road.console.txt
+++ OUTPUT/testing/pluto/certoe-18-pass-then-go-slash24-keyingtries1/road.console.txt
@@ -105,11 +105,14 @@
  # there should be no %pass shunts on either side and an active
tunnel and no partial IKE states
 road #
  ipsec briefstatus
-000 #2: "private-or-clear#192.1.2.0/24"[2] ...192.1.2.23:500
STATE_PARENT_R2 (received v2I2, PARENT SA established); EVENT_SA_REKEY
in XXs; newest ISAKMP; idle;
-000 #3: "private-or-clear#192.1.2.0/24"[2] ...192.1.2.23:500
STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REKEY in XXs; newest
IPSEC; eroute owner; isakmp#2; idle;
+000
+000 State Information: DDoS cookies not required, Accepting new IKE connections
+000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
+000 IPsec SAs: total(1), authenticated(1), anonymous(0)
+000


More information about the Swan-dev mailing list