Openswan ipsec tool: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 44: | Zeile 44: | ||
=reread secrets= | =reread secrets= | ||
− | ipsec auto --rereadsecrets | + | *ipsec auto --rereadsecrets |
+ | |||
=list ca certs= | =list ca certs= | ||
ipsec auto --listcacerts | ipsec auto --listcacerts |
Version vom 11. Februar 2016, 13:37 Uhr
start
- ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
stop
- ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...
restart
- ipsec setup --restart
ipsec_setup: Stopping Openswan IPsec... ipsec_setup: stop ordered, but IPsec appears to be already stopped! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
status
- ipsec setup --status
IPsec running - pluto pid: 9515 pluto pid 9515 No tunnels up
Anzeige der verfügbaren Verbindungen
- grep conn /etc/ipsec.conf
conn toc-ras
conn add
- ipsec auto --add toc-ras
conn up
- ipsec auto --up toc-ras
104 "toc-ras" #5: STATE_MAIN_I1: initiate 003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ] 003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection] 106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2 108 "toc-ras" #5: STATE_MAIN_I3: sent MI3, expecting MR3 003 "toc-ras" #5: received Vendor ID payload [CAN-IKEv2] 004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536} 117 "toc-ras" #6: STATE_QUICK_I1: initiate 004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none}
conn delete
- ipsec auto --delete toc-ras
conn down
- ipsec auto --down toc-ras
reread secrets
- ipsec auto --rereadsecrets
list ca certs
ipsec auto --listcacerts
list certs
ipsec auto --listcerts
status of all connections
ipsec auto --status
have a look to the established connections
ipsec look
showdefaults ip, nexthop, interface
ipsec showdefaults
collect debugging infos
ipsec barf --short