[Openswan Users] is this tunnel really up ?
fatcharly at gmx.de
fatcharly at gmx.de
Thu Sep 20 13:09:09 EDT 2012
-------- Original-Nachricht --------
> Datum: Thu, 20 Sep 2012 12:09:38 -0400 (EDT)
> Von: Paul Wouters <paul at nohats.ca>
> An: fatcharly at gmx.de
> Betreff: Re: [Openswan Users] is this tunnel really up ?
> On Thu, 20 Sep 2012, fatcharly at gmx.de wrote:
>
> > I´m using a openswan-2.6.32-16.el6.i386 on a CentOS 6.3. I try to
> connect to a vpn-gateway with psk. This is a part of the ipsec auto staus:
> > 000 #6: "lotto_RLP_test":500 STATE_QUICK_I2 (sent QI2, IPsec SA
> established); EVENT_SA_REPLACE in 21903s; newest IPSEC; eroute owner; isakmp#5;
> idle; import:admin initiate
> > 000 #6: "lotto_RLP_test" esp.8fe70e16 at XX.XXX.XXX.34
> esp.e19ff238 at XX.XXX.XX.2 tun.0 at XX.XXX.XXX.34 tun.0 at XX.XXX.XX.2 ref=0 refhim=4294901761
> > 000 #5: "lotto_RLP_test":500 STATE_MAIN_I4 (ISAKMP SA established);
> EVENT_SA_REPLACE in 21611s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
> import:admin initiate
> > 000
> >
> > Is this tunnel between XX.XXX.XX.2 and XX.XXX.XXX.34 up ?
>
> Almost, but not entirely. One way is up (STATE_QUICK_I2) but it is still
> waiting on STATE_QUICK_R2 from the other side saying it completed it as
> well. The ISAKMP SA established means the "command channel" (aka phase1)
> is up.
>
> Paul
So how can I be sure that the tunnel is up by looking at the logfiles ?
Kind regards
fatcharly
More information about the Users
mailing list