[Swan] ipsec whack individual connections

John Crisp jcrisp at safeandsoundit.co.uk
Wed Feb 25 18:17:47 EET 2015 

On 20/02/15 13:12, John Crisp wrote:

>>> First is how to identify connections that are 'up' (though I guess that
>>> I could ignore this and restart them regardless of state)
>>>
>>
>> That's just the phase1/parent. You should look for:
> 
> 
> I have pasted the ipsec status output below - I don't seem to see
> anything similar to your output !
> 

Ah - as a follow up I just found ipsec whack --status and get :

000 #3580: "vps-to-site1-voip":500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2847s; newest IPSEC; eroute owner;
isakmp#1788; idle; import:admin initiate

000 #3360: "vps-to-site1-voip":500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_EXPIRE in 532s; isakmp#1788; idle; import:admin
initiate

000 #1788: "vps-to-site1-voip":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_REPLACE in 391s; newest ISAKMP; lastdpd=4s(seq
in:4587 out:0); idle; import:admin initiate

000 #3469: "vps-to-site2-voip":500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 1932s; isakmp#3468; idle; import:not set

000 #3494: "vps-to-site2-voip":500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 2240s; newest IPSEC; eroute owner;
isakmp#3493; idle; import:not set

000 #3493: "vps-to-site2-voip":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 27439s; newest ISAKMP; lastdpd=13s(seq
in:18606 out:0); idle; import:not set

000 #3552: "vps-to-site3-voip":500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 2875s; newest IPSEC; eroute owner;
isakmp#3551; idle; import:not set

000 #3551: "vps-to-site3-voip":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 28075s; newest ISAKMP; lastdpd=-1s(seq
in:0 out:0); idle; import:not set


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150225/3de361cf/attachment.sig>

More information about the Swan mailing list