[Openswan Users] Determing connection name
Jesse N Perez
perezje at us.ibm.com
Mon Jun 1 16:26:49 EDT 2015
Thanks Nick and Daniel.
My gateway.conf is using "auto=add" and, as Nick pointed out, it should route
automatically, so something else is going on.
I sent a separate email showing my entire configuration in case you guys
see something wrong.
In this email my main question was when using a configuration that uses
%any it looks like pluto assigns each tunnel an index number. So if my
gateway.conf uses a connection name of gateway-conn then doing an "ipsec
auto status" will show
"gateway-conn"[1] 10.62.66.49:500...
"gateway-conn"[2] 10.62.66.50:500...
using an index [x] for each connection.
Now if I want to do an "ipsec auto --delete <connection-name>" for just
gateway-conn[2], what connection name do I use?
Thanks
Jesse N. Perez
IBM Software Group | Cloud and Smarter Infrastructure Division
(352) 341-3872 | perezje at us.ibm.com
From: Daniel Cave <dan.cave at icloud.com>
To: Jesse N Perez/Tampa/IBM at IBMUS
Cc: users at lists.openswan.org
Date: 05/28/2015 09:41 AM
Subject: Re: [Openswan Users] Determing connection name
Jesse, are your 'connections' listed and set up as 'backup' vpn tunnels?
Have you set them up like Nick says, as 'auto=add', or can you just 'parse'
the /etc/ipsec.conf by looking for the string "conn [xxxx]" then using some
scripting to work out what you're trying to do?
I also noticed from the ipsec.conf man page, there's an option called
'leftupdown' which you can define as a script and run to adjust
routing/firewalling when the status of the connection changes. You might
want to look into that.
On May 28, 2015, at 08:03 AM, Nick Howitt <nick at howitts.co.uk> wrote:
I don't think you see the correct conn name until Quick Mode is
negotiated. In Main Mode it can pick any valid conn name to match
against. If you are using "auto=add" in your conn, it should route
automatically. This looks more like a configuration error with a failed
negotiation rather than a failure to route.
Regards,
Nick
On 2015-05-28 01:40, Jesse N Perez wrote:
I'm looking for a way to determine the connection name that I can use
in a call to "ipsec auto --route <conn-name>" for a gateway.conf using
"right=%any"
When I do a "ipsec auto --status | grep 10.107.76.160" I get...
000 "gateway-conn"[4682]: 10.60.87.6<10.60.87.6>[+S=C]...10.107.76.160[+S=C]; unrouted; eroute owner: #0
000 #34977: "gateway-conn"[4682] 10.107.76.160:500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 19s; lastdpd=-1s (seq in:0 out:0); idle; import:not set
and see it's unrouted. Note the conn-name is shown as
gateway-conn[4682] where 4682 is the index number pluto must have
chosen for this connection.
So if I want to route this connection using "ipsec auto --route
<conn-name>" how can I find the connection name?
Thanks,
Jesse N. Perez
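Added example (not part of the original thread or of Openswan): a shell function that reads "ipsec auto --status" text on stdin and prints the quoted connection name with its instance index, the routing state and the IKE state for an exact peer address, assuming the two line shapes quoted in the thread. The sample input is constructed from those lines; the function names are hypothetical, and the example does not establish which name forms "ipsec auto --route" or "--delete" accept.

```shell
#!/bin/sh
# Constructed sample, shaped like the status lines quoted in the thread.
# The third line is a second instance whose peer address is a textual
# prefix of the first one, which a plain "grep 10.107.76.16" would confuse.
sample_status() {
cat <<'EOF'
000 "gateway-conn"[4682]: 10.60.87.6<10.60.87.6>[+S=C]...10.107.76.160[+S=C]; unrouted; eroute owner: #0
000 #34977: "gateway-conn"[4682] 10.107.76.160:500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 19s; lastdpd=-1s (seq in:0 out:0); idle; import:not set
000 "gateway-conn"[4683]: 10.60.87.6<10.60.87.6>[+S=C]...10.107.76.16[+S=C]; erouted; eroute owner: #34980
EOF
}

# conn_for_peer PEER_IP   (status text on stdin; hypothetical helper)
# Prints one line per matching instance: "name"[index] <TAB> routing <TAB> state
# The state column is "-" when no IKE state line exists for that instance.
conn_for_peer() {
  awk -v peer="$1" '
    # Connection line: 000 "name"[idx]: local...remote[opts]; routing; ...
    $2 ~ /^"[^"]+"\[[0-9]+\]:$/ {
      p = index($0, "...")
      if (p == 0) next                      # per-connection detail line, no endpoints
      remote = substr($0, p + 3)
      sub(/[^0-9.].*$/, "", remote)         # keep only the leading dotted quad
      if (remote != peer) next              # exact match, not substring
      key = $2; sub(/:$/, "", key)          # "gateway-conn"[4682]
      split($0, f, /; */)
      if (!(key in routing)) order[++n] = key
      routing[key] = f[2]                   # e.g. unrouted / erouted
    }
    # State line: 000 #serial: "name"[idx] peer:port STATE_xxx (...)
    $2 ~ /^#[0-9]+:$/ && ($3 in routing) { state[$3] = $5 }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        printf "%s\t%s\t%s\n", k, routing[k], ((k in state) ? state[k] : "-")
      }
    }'
}

# Stand-alone run on the constructed sample; on a gateway the input would be
# the output of: ipsec auto --status
sample_status | conn_for_peer 10.107.76.160
```

A state of STATE_MAIN_R2 in the third column means Main Mode is still in progress, which is the situation Nick describes where the displayed conn name may not yet be the final one.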