[Openswan Users] /etc/init.d/ipsec status : How to know if tunnels created are bidirectional!

satpal parmar systems.satpal at gmail.com
Tue Jan 31 03:27:43 EST 2012


Thanks for your prompt response Muenz!  Please find my response below.

On Tue, Jan 31, 2012 at 1:08 PM, Muenz, Michael <m.muenz at spam-fetish.org> wrote:
> On 31.01.2012 07:45, satpal parmar wrote:
>
>> Hi All!
>>
>> I am facing a small problem. I have ipsec running on two Linux boxes.
>> Now I want to connect them through ipsec tunnels. I built a small
>> script for this, as you have to type them every time for a
>> connection:
>>
>> #!/bin/sh
>>
>> service ipsec stop
>> service ipsec start
>> ipsec auto --add test
>> ipsec auto --up test
>
>
> Why don't you use auto=start?
How does it help when IPsec is not yet started on the other side of the
connection? Will it wait? I tried this but I am getting the same
response.
>
>
>>
>> Now I want to know if there is a guarantee that these two tunnels are
>> bidirectional. Is it possible to have two unidirectional tunnels between
>> two boxes? What is the correct interpretation of this message from
>> status?
>
>
> With KLIPS you could do an ipsec eroute, grep the tunnel and check the state.
I am not using KLIPS but netkey. State is OK; I can see debug logs. I
was looking for more descriptive information on the nature of the tunnel.

>> Any suggestion on this automation of connection is welcomed
>
>
> If there's no reason against keeping the tunnel always up, I would invest
> the time fixing this problem.
Thanks.
>
> Michael