[Openswan Users] Related to connection _updown script

Utkarsh Shah utkarsh at elitecore.com
Tue Oct 17 02:02:42 EDT 2006


Hi,
    In the _updown file, in the case of up-client:) I added a script line to achieve it:
        /bin/sh /usr/local/scripts/vpnmgt/utility/temp.sh $CONNNAME $PLUTO_PEER > /dev/null 2>&1 &
    When the connection is initiated from the peer it works fine, but when it is
initiated from the local end, it establishes the connection but control gets stuck.

    [root at manage /root]# ipsec auto --up test
    104 "test_failover_1-1" #3: STATE_MAIN_I1: initiate
    003 "test_failover_1-1" #3: received Vendor ID payload [Openswan
    (this version) 2.4.5  X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID
    PLUTO_USES_KEYRR]
    003 "test_failover_1-1" #3: received Vendor ID payload [Dead Peer
    Detection]
    003 "test_failover_1-1" #3: received Vendor ID payload [RFC 3947]
    method set to=110
    106 "test_failover_1-1" #3: STATE_MAIN_I2: sent MI2, expecting MR2
    003 "test_failover_1-1" #3: NAT-Traversal: Result using 3: no NAT
    detected
    108 "test_failover_1-1" #3: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "test_failover_1-1" #3: STATE_MAIN_I4: ISAKMP SA established
    {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
    group=modp1024}
    117 "test_failover_1-1" #4: STATE_QUICK_I1: initiate
    004 "test_failover_1-1" #4: STATE_QUICK_I2: sent QI2, IPsec SA
    established {ESP=>0xfce2aec3 <0x77585756 xfrm=3DES_0-HMAC_MD5
    NATD=none DPD=enabled}

    This means the connection is established, but after that control is not
    available to me.

    Can we have control over it, so that if the remote peer has initiated it
a certain task is done, and if it is initiated from the local end a
different task is performed?

    Thanks for your help.

Thanks & Regards,
Utkarsh Shah


Paul Wouters wrote:
> On Mon, 16 Oct 2006, Utkarsh Shah wrote:
>
>   
>>     "users-request at openswan.org" <users-request at openswan.org>
>>     
>
> Don't mail to that address please.
>
>   
>>     I would like to execute a script in the background at the time the
>> connection gets established, and to stop it when the connection is stopped.
>>     I tried using the _updown script, but it gets stuck if any of its child
>> processes is going on.
>>     
>
> you can't call a subshell?
>
> You could always "touch" some file somewhere and have a daemon check for
> the existence of the file?
>
> Paul
>   
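
The flag-file approach suggested in the quoted reply, sketched as an added example that is not part of the original thread or of Openswan: the `_updown` hook only writes or removes a flag file and returns, and a separate watcher process acts on the flags. The directory paths and all function names are assumptions; `PLUTO_VERB`, `PLUTO_CONNECTION` and `PLUTO_PEER` are the variables pluto exports to `_updown`.

```shell
#!/bin/sh
# Added example (not from the thread): flag-file hand-off from _updown to a watcher.
# FLAG_DIR, RUN_DIR and all function names below are hypothetical.
FLAG_DIR="${FLAG_DIR:-/var/run/vpnmgt/flags}"   # assumed path; root-owned, mode 0700
RUN_DIR="${RUN_DIR:-/var/run/vpnmgt/active}"    # assumed path; watcher's own state

# Accept only plain connection names so a name can never escape FLAG_DIR.
safe_name() {
    case "$1" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Call from _updown: updown_hook "$PLUTO_VERB" "$PLUTO_CONNECTION" "$PLUTO_PEER"
# It writes or removes one file and returns; no child process is left behind.
updown_hook() {
    safe_name "$2" || return 1
    case "$1" in
        up-client)
            ( umask 077; printf '%s\n' "$3" > "$FLAG_DIR/.$2.tmp" ) &&
                mv -f "$FLAG_DIR/.$2.tmp" "$FLAG_DIR/$2" ;;   # atomic publish
        down-client)
            rm -f "$FLAG_DIR/$2" ;;
    esac
}

# Stand-ins for the real per-connection task; replace with your own.
start_job() { cp "$FLAG_DIR/$1" "$RUN_DIR/$1"; }
stop_job()  { rm -f "$RUN_DIR/$1"; }

# One watcher pass: start jobs for new flags, stop jobs whose flag is gone.
sync_jobs() {
    for f in "$FLAG_DIR"/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        [ -e "$RUN_DIR/$n" ] || start_job "$n"
    done
    for f in "$RUN_DIR"/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        [ -e "$FLAG_DIR/$n" ] || stop_job "$n"
    done
}

# Watcher loop, run as its own service outside pluto:
#   while :; do sync_jobs; sleep 5; done
```

Because the watcher acts on whatever appears in the flag directory, that directory should be writable only by root.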
