[Swan] ipsec whack individual connections

John Crisp jcrisp at safeandsoundit.co.uk
Thu Feb 19 22:38:51 EET 2015


I am trying to get my head round how to do two (relatively)
straightforward things on CentOS 6. I am trying to script some simple
setups and confs. I can currently generate conf and secrets files which
are fine, but would like to be able to individually stop/restart

First is how to identify connections that are 'up' (though I guess that
I could ignore this and restart them regardless of state)

ipsec status does not provide a simple "myConnection up" type status
that you can grep

I thought the closest might be in this line :

#1: "MyConnection":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established).....

But I am not sure.

Next is how to restart and individual connection using whack. I don't
seem to be able to easily identify the various connections.

I have tried 'myid' in /etc/ipsec.d/ipsec.conf but can't seem to get
something working.

Surely if I have a conn entry in the ipsec.conf file I should be able to
do something like

ipsec whack MyConnection

But it seems that this is far too simplistic !

Any suggestions or help gratefully appreciated.

B. Rgds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150219/829180cc/attachment.sig>

More information about the Swan mailing list