[Swan-dev] 182 "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}

Paul Wouters paul at nohats.ca
Wed Mar 11 14:48:49 UTC 2020


On Wed, 11 Mar 2020, Andrew Cagney wrote:

>> It is, but it was easy. But those can be changed to "ipsec briefstatus"
>> which also just displays the states, without depending on the STATE_
>> string. But it will change the output slightly so it will require fixing
>> up a bunch of tests.
>
> Is that sufficient?  For instance:
>
> --- MASTER/testing/pluto/certoe-18-pass-then-go-slash24-keyingtries1/road.console.txt
> +++ OUTPUT/testing/pluto/certoe-18-pass-then-go-slash24-keyingtries1/road.console.txt
> @@ -105,11 +105,14 @@
>  # there should be no %pass shunts on either side and an active
> tunnel and no partial IKE states
> road #
>  ipsec briefstatus
> -000 #2: "private-or-clear#192.1.2.0/24"[2] ...192.1.2.23:500
> STATE_PARENT_R2 (received v2I2, PARENT SA established); EVENT_SA_REKEY
> in XXs; newest ISAKMP; idle;
> -000 #3: "private-or-clear#192.1.2.0/24"[2] ...192.1.2.23:500
> STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REKEY in XXs; newest
> IPSEC; eroute owner; isakmp#2; idle;
> +000
> +000 State Information: DDoS cookies not required, Accepting new IKE connections
> +000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
> +000 IPsec SAs: total(1), authenticated(1), anonymous(0)
> +000
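
Review bot: The two removed per-state lines under `ipsec briefstatus` (#2 STATE_PARENT_R2 and #3 STATE_V2_IPSEC_R) have no counterpart in the added output, so the expected console text no longer ties the established SAs to "private-or-clear#192.1.2.0/24"[2] and peer 192.1.2.23:500. The added summary lines only give counts (IKE SAs total(1), half-open(0), authenticated(1); IPsec SAs total(1)). That still covers the "no partial IKE states" half of the comment above the command, but it would match equally if the one established tunnel belonged to a different connection. To keep the "active tunnel" check meaningful, the test should retain a per-state listing that names the connection and peer without depending on the STATE_ string, rather than accept the counts-only output as the new baseline.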

Ohh, I was wrong. It only displays the header, not the states. I guess
we should add one that just lists the states - without the header.

Paul

