[Swan] ipsec whack individual connections
John Crisp
jcrisp at safeandsoundit.co.uk
Thu Feb 19 22:38:51 EET 2015
Hi,
I am trying to get my head round how to do two (relatively)
straightforward things on CentOS 6. I am trying to script some simple
setups and confs. I can currently generate conf and secrets files which
are fine, but would like to be able to individually stop/restart
connections.
First is how to identify connections that are 'up' (though I guess that
I could ignore this and restart them regardless of state)
ipsec status does not provide a simple "myConnection up" type status
that you can grep
I thought the closest might be in this line :
#1: "MyConnection":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established).....
But I am not sure.
Next is how to restart and individual connection using whack. I don't
seem to be able to easily identify the various connections.
I have tried 'myid' in /etc/ipsec.d/ipsec.conf but can't seem to get
something working.
Surely if I have a conn entry in the ipsec.conf file I should be able to
do something like
ipsec whack MyConnection
But it seems that this is far too simplistic !
Any suggestions or help gratefully appreciated.
B. Rgds
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150219/829180cc/attachment.sig>
More information about the Swan
mailing list