Openswan ipsec tool: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 26: | Zeile 26: | ||
*ipsec auto --up toc-ras | *ipsec auto --up toc-ras | ||
− | 104 "toc-ras" #5: STATE_MAIN_I1: initiate | + | ;104 "toc-ras" #5: STATE_MAIN_I1: initiate |
− | 003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ] | + | ;003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ] |
003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] | 003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] | ||
106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 | 106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 |
Version vom 11. Februar 2016, 13:34 Uhr
start
- ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
stop
- ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...
restart
- ipsec setup --restart
ipsec_setup: Stopping Openswan IPsec... ipsec_setup: stop ordered, but IPsec appears to be already stopped! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
status
- ipsec setup --status
IPsec running - pluto pid: 9515 pluto pid 9515 No tunnels up
Anzeige der verfügbaren Verbindungen
- grep conn /etc/ipsec.conf
conn toc-ras
conn add
- ipsec auto --add toc-ras
conn up
- ipsec auto --up toc-ras
- 104 "toc-ras" #5
- STATE_MAIN_I1: initiate
- 003 "toc-ras" #5
- received Vendor ID payload [Openswan (this version) 2.6.38 ]
003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] 106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 108 "toc-ras" #5: STATE_MAIN_I3: sent MI3, expecting MR3 003 "toc-ras" #5: received Vendor ID payload [CAN-IKEv2] 004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536} 117 "toc-ras" #6: STATE_QUICK_I1: initiate 004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none}
conn delete
ipsec auto --delete <conn>
conn down
ipsec auto --down <conn>
reread secrets
ipsec auto --rereadsecrets
list ca certs
ipsec auto --listcacerts
list certs
ipsec auto --listcerts
status of all connections
ipsec auto --status
have a look to the established connections
ipsec look
showdefaults ip, nexthop, interface
ipsec showdefaults
collect debugging infos
ipsec barf --short