[Openswan Users] /etc/init.d/ipsec status : How to know if tunnels created are bidirectional!

Muenz, Michael m.muenz at spam-fetish.org
Tue Jan 31 03:36:59 EST 2012


Am 31.01.2012 09:27, schrieb satpal parmar:
> How it help when Ipsec is not yet started in other side of 
> connection.Will it wait ? I tried this but I am getting same response.

Yes, you can control the behavior with DPD (man ipsec.conf).

> I am not using KLIPS but netkey. State is ok  I can see debug logs . I
> was looking for more descriptive information on nature of tunnel.

I'm not really familiar with netkey, try to catch a unidirectional 
tunnel and compare the values of "ipsec auto --status | grep yourconn".
I would install smokeping on you box (with NAT entries to match the 
tunnel) to check the connection. You could also include the starting of 
smokeping with you script.

Michael


More information about the Users mailing list