[Openswan Users] Deleting a specific RoadWarrior connection
John A. Sullivan III
jsullivan at opensourcedevel.com
Wed Sep 14 01:21:26 CEST 2005
Every once in a while we have a RoadWarrior connection which goes out of
sync. One side thinks the SA is expired while the other does not. How
do we clear a specific SA from an openswan gateway?
Let's say I have a connection like:
conn RAS
    right=%any
    rightsubnet=vnet:%priv,%no
    leftsubnet=0.0.0.0/0.0.0.0
    etc . . .
Any number of RoadWarriors will connect using this definition but my
understanding is that they are all moved to unique entries in the SAD
and SPD. If I do something like:
ipsec auto --delete RAS
I will reset all the RoadWarriors but, if I do something like:
ipsec auto -delete RAS[6] (the way it shows up in ipsec auto --status)
it complains that it does not recognize that connection.
So, how do I clear the one RoadWarrior without resetting all the rest?
Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net