[Openswan Users] tunnel has multiple instances

jef peeraer jef.peeraer at pandora.be
Mon Oct 18 19:11:01 CEST 2004 

i have a roadwarrior-gateway configuration with rsasig. in my setup, there are 
three tunnels. if i run 'ipsec auto --status', i can see that the first 
tunnel has more instances than normal. 
gateway is freeswan 1.98b, roadwarrior is  freeswan-2.04_1.5.4-1.6, with 
keernel 2.6.5-7.104-smp and ipsec compiled in.



jef peeraer


# ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.50.2
000 interface eth1/eth1 192.168.50.129
000 %myid = (none)
000 debug none
000
000 "dekempen_turnhout2": 192.168.50.0/25===192.168.50.2
[@dekempen_turnhout.deterp.be]---192.168.50.1...217.67.233.1---gateway_fixed_ip[@master.deterp.be]===192.168.0.0/24; 
erouted; eroute owner: #300
000 "dekempen_turnhout2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 
540s; rekey_fuzz: 100%; keyingtries: 0
000 "dekempen_turnhout2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 25,24; 
interface: eth0;
000 "dekempen_turnhout2":   newest ISAKMP SA: #308; newest IPsec SA: #300;
000 "dekempen_turnhout3": 192.168.50.0/25===192.168.50.2
[@dekempen_turnhout.deterp.be]---192.168.50.1...217.67.233.1---gateway_fixed_ip[@master.deterp.be]; 
erouted; eroute owner: #291
000 "dekempen_turnhout3":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 
540s; rekey_fuzz: 100%; keyingtries: 0
000 "dekempen_turnhout3":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 25,32; 
interface: eth0;
000 "dekempen_turnhout3":   newest ISAKMP SA: #0; newest IPsec SA: #291;
000 "dekempen_turnhout4": 192.168.50.128/25===192.168.50.2
[@dekempen_turnhout.deterp.be]---192.168.50.1...217.67.233.1---gateway_fixed_ip[@master.deterp.be]===192.168.0.0/24; 
erouted; eroute owner: #301
000 "dekempen_turnhout4":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 
540s; rekey_fuzz: 100%; keyingtries: 0
000 "dekempen_turnhout4":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 25,24; 
interface: eth0;
000 "dekempen_turnhout4":   newest ISAKMP SA: #0; newest IPsec SA: #301;
000
000 #300: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6337s; newest IPSEC;eroute owner
000 #300: "dekempen_turnhout2" esp.e272b108 at gateway_fixed_ip 
esp.62b23367 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #299: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6645s
000 #299: "dekempen_turnhout2" esp.e272b107 at gateway_fixed_ip 
esp.8158dccd at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #297: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6582s
000 #297: "dekempen_turnhout2" esp.e272b105 at gateway_fixed_ip 
esp.a33ea9bf at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #296: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6558s
000 #296: "dekempen_turnhout2" esp.e272b104 at gateway_fixed_ip 
esp.859ee6eb at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #295: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6739s
000 #295: "dekempen_turnhout2" esp.e272b103 at gateway_fixed_ip 
esp.8c5a7b4e at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #294: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6404s
000 #294: "dekempen_turnhout2" esp.e272b102 at gateway_fixed_ip 
esp.76dae21b at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #293: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6361s
000 #293: "dekempen_turnhout2" esp.e272b101 at gateway_fixed_ip 
esp.60bfb5f2 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #290: "dekempen_turnhout2" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6520s
000 #290: "dekempen_turnhout2" esp.e272b0fe at gateway_fixed_ip 
esp.4938b9d4 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #308: "dekempen_turnhout2" STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_REPLACE in 1217s; newest ISAKMP
000 #291: "dekempen_turnhout3" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6708s; newest IPSEC;eroute owner
000 #291: "dekempen_turnhout3" esp.e272b0ff at gateway_fixed_ip 
esp.569b0891 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #301: "dekempen_turnhout4" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6688s; newest IPSEC;eroute owner
000 #301: "dekempen_turnhout4" esp.e272b109 at gateway_fixed_ip 
esp.a25d3a93 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #298: "dekempen_turnhout4" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6758s
000 #298: "dekempen_turnhout4" esp.e272b106 at gateway_fixed_ip 
esp.aa2347c9 at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000 #292: "dekempen_turnhout4" STATE_QUICK_I2 (sent QI2, IPsec SA 
established); EVENT_SA_REPLACE in 6377s
000 #292: "dekempen_turnhout4" esp.e272b100 at gateway_fixed_ip 
esp.544b36c at 192.168.50.2 tun.0 at 217.67.233.162 tun.0 at 192.168.50.2
000

More information about the Users mailing list