[Openswan Users] Are these commands the same (in effect)?

Paul Wouters paul at xelerance.com
Tue Apr 25 23:31:33 CEST 2006

On Tue, 25 Apr 2006, Joost Kraaijeveld wrote:

> Paul Wouters wrote:
> > You need ipsec auto --replace followed by ipsec auto --up
> OK, I did that, and it seems to work. I do not understand the messages I am getting: they look as if there is something wrong. Maybe I should brush up Openswan messages, but from where?
> Laudanum:~# ipsec auto --replace askesis-muntpost
> Laudanum:~# ipsec auto --up askesis-muntpost
> 117 "askesis-muntpost" #659: STATE_QUICK_I1: initiate
> 010 "askesis-muntpost" #659: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "askesis-muntpost" #659: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 "askesis-muntpost" #659: max number of retransmissions (2) reached STATE_QUICK_I1
> 000 "askesis-muntpost" #659: starting keying attempt 2 of at most 3, but releasing whack

That's odd. It seems to think the phase-1 is still up, and --up only does a phase-2 initiate.
It should be doing both a phase 1 and phase 2 after a --replace. Are you sure the other
end did not immediately reconnect when you did --replace? Because that would explain why
we only see phase-2 here.
It still does not really explain why the phase-2 packets are never answered....

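Added example, not part of the original message and not Openswan code: a small Python parser that applies the reasoning in the reply above to `ipsec auto --up` output, reporting which IKE phases were initiated and where retransmissions gave up. The function name `summarize_whack` and its result keys are hypothetical; the sample input is the output quoted in the message.

```python
import re

# Sample input: the whack output quoted in the message above.
SAMPLE = '''\
117 "askesis-muntpost" #659: STATE_QUICK_I1: initiate
010 "askesis-muntpost" #659: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "askesis-muntpost" #659: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "askesis-muntpost" #659: max number of retransmissions (2) reached STATE_QUICK_I1
000 "askesis-muntpost" #659: starting keying attempt 2 of at most 3, but releasing whack
'''

# <3-digit code> "<connection>" #<SA serial>: <message>
LINE_RE = re.compile(r'(\d{3}) "([^"]+)" #(\d+): (.*)$')
# Main/Aggressive Mode states belong to phase 1, Quick Mode states to phase 2.
STATE_RE = re.compile(r'STATE_(MAIN|AGGR|QUICK)_[IR]\d')
GAVE_UP_RE = re.compile(r'max number of retransmissions \((\d+)\) reached (STATE_\w+)')


def summarize_whack(output):
    """Summarize which IKE phases appear in whack output and any timeout."""
    phases, retransmissions, gave_up_in, conn = set(), 0, None, None
    for raw in output.splitlines():
        m = LINE_RE.search(raw)  # search() tolerates a "> " quote prefix
        if not m:
            continue
        _code, conn, _serial, msg = m.groups()
        for kind in STATE_RE.findall(msg):
            phases.add(2 if kind == "QUICK" else 1)
        if "retransmission;" in msg:
            retransmissions += 1
        g = GAVE_UP_RE.search(msg)
        if g:
            gave_up_in = g.group(2)
    if phases == {2}:
        note = "phase 2 only: an existing phase-1 (ISAKMP) SA was reused"
    elif 1 in phases:
        note = "phase 1 was negotiated in this run"
    else:
        note = "no IKE state lines recognised"
    if gave_up_in:
        note += "; peer never answered in " + gave_up_in
    return {"connection": conn, "phases": sorted(phases),
            "retransmissions": retransmissions,
            "gave_up_in": gave_up_in, "note": note}


if __name__ == "__main__":
    print(summarize_whack(SAMPLE))
```

If the summary shows only phase 2, compare it with `ipsec auto --status` to see which ISAKMP SA the Quick Mode exchange was attached to.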