[Openswan Users] Openswan ipsec tunnel reestablishment
Paul Wouters
paul at xelerance.com
Wed Jul 6 10:35:53 EDT 2011
On Wed, 6 Jul 2011, Vasanth Ragavendran wrote:
> I am using openswan 2.6.29 with the kernel being 2.6.35.9. I've set the keylife and ikelifetime to default values and rekey to yes. So when the IPSec re-establishes the tunnel
> after the keylife period expires is there any way to check if the IPSec tunnel is up after the keylife expiry. What i mean to say is there any way to indicate a difference
> between the tunnel which was existing during the previous keylife period and the current keylife period! Is there any variable which will indicate this difference or does it
> show up in "ipsec auto --status" command. Hope i made it clear. Awaiting response. Plz help!
Yes, the instance number (the number with the #) will have changed. The SPI will also have changed if
the phase2 rekeyed, which can be seen in "ipsec eroute" (klips) or "ip xfrm state" (netkey)
Paul
More information about the Users
mailing list