[Openswan Users] 1.0.8 <-> 2.3.1

Dmitry Melekhov dm at belkam.com
Wed Jun 1 16:51:26 CEST 2005


I just installed 2.3.1 instead of 1.0.8 on one host, another still has 
After some time I found that ipsec doesn't work... May be there was link 
problem for some time.
Here is what I had on 2.3.1 side.

# ipsec whack --status |grep u304
000 "u304":; 
erouted; eroute owner: #40
000 "u304":     srcip=unset; dstip=unset
000 "u304":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; 
rekey_fuzz: 100%; keyingtries: 0
000 "u304":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 0,24; 
interface: eth1;
000 "u304":   newest ISAKMP SA: #47; newest IPsec SA: #40;
000 "u304":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 #47: "u304":500 STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_REPLACE in 2570s; newest ISAKMP; nodpd
000 #40: "u304":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); 
EVENT_SA_REPLACE in 2366s; newest IPSEC; eroute owner
000 #40: "u304" used 83s ago; esp.d9cc1d43 at 
esp.e77dd87f at comp.3f7e at 
comp.836e at tun.1030 at tun.102f at
000 #36: "u304":500 STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_EXPIRE in 923s; nodpd
000 #30: "u304":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); 
000 #30: "u304" esp.d9cc1d42 at 
esp.e77dd87a at comp.3f7d at 
comp.8369 at tun.1026 at tun.1025 at

Is this OK?
I hadn't such state with 1.0.8. What does EVENT_SA_EXPIRE mean?

More information about the Users mailing list