Openswan ipsec tool: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 24: | Zeile 24: | ||
=conn up= | =conn up= | ||
− | ipsec auto --up < | + | *ipsec auto --up toc-ras |
+ | <pre> | ||
+ | 104 "toc-ras" #5: STATE_MAIN_I1: initiate | ||
+ | 003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ] | ||
+ | 003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] | ||
+ | 106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 | ||
+ | 108 "toc-ras" #5: STATE_MAIN_I3: sent MI3, expecting MR3 | ||
+ | 003 "toc-ras" #5: received Vendor ID payload [CAN-IKEv2] | ||
+ | 004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536} | ||
+ | 117 "toc-ras" #6: STATE_QUICK_I1: initiate | ||
+ | 004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none} | ||
+ | </pre> | ||
+ | |||
=conn delete= | =conn delete= | ||
ipsec auto --delete <conn> | ipsec auto --delete <conn> |
Version vom 11. Februar 2016, 13:33 Uhr
start
- ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
stop
- ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...
restart
- ipsec setup --restart
ipsec_setup: Stopping Openswan IPsec... ipsec_setup: stop ordered, but IPsec appears to be already stopped! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
status
- ipsec setup --status
IPsec running - pluto pid: 9515 pluto pid 9515 No tunnels up
Anzeige der verfügbaren Verbindungen
- grep conn /etc/ipsec.conf
conn toc-ras
conn add
- ipsec auto --add toc-ras
conn up
- ipsec auto --up toc-ras
104 "toc-ras" #5: STATE_MAIN_I1: initiate 003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ] 003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] 106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 108 "toc-ras" #5: STATE_MAIN_I3: sent MI3, expecting MR3 003 "toc-ras" #5: received Vendor ID payload [CAN-IKEv2] 004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536} 117 "toc-ras" #6: STATE_QUICK_I1: initiate 004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none}
conn delete
ipsec auto --delete <conn>
conn down
ipsec auto --down <conn>
reread secrets
ipsec auto --rereadsecrets
list ca certs
ipsec auto --listcacerts
list certs
ipsec auto --listcerts
status of all connections
ipsec auto --status
have a look to the established connections
ipsec look
showdefaults ip, nexthop, interface
ipsec showdefaults
collect debugging infos
ipsec barf --short