Swanctl: Difference between revisions
Thomas (Talk | Contributions)
Thomas (Talk | Contributions) (→log)
Line 42: | Line 42: | ||
13[ENC] generating QUICK_MODE request 2013598800 [ HASH ] | 13[ENC] generating QUICK_MODE request 2013598800 [ HASH ] | ||
13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes) | 13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes) | ||
+ | </pre> | ||
+ | =list currently active IKE_SA= | ||
+ | *swanctl --list-sas | ||
+ | <pre> | ||
+ | net-net: #16, ESTABLISHED, IKEv1, a1fb1d5845410355_i* 852dddf52f17ea70_r | ||
+ | local '10.84.252.40' @ 10.84.252.40[500] | ||
+ | remote '10.84.252.32' @ 10.84.252.32[500] | ||
+ | AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 | ||
+ | established 572s ago, rekeying in 466s, reauth in 2968s | ||
+ | net: #8, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048 | ||
+ | installed 440s ago, rekeying in 115s, expires in 220s | ||
+ | in c66297e6, 0 bytes, 0 packets | ||
+ | out c4bb33a8, 0 bytes, 0 packets | ||
+ | local 10.83.40.0/24 | ||
+ | remote 10.83.32.0/24 | ||
+ | net: #9, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048 | ||
+ | installed 437s ago, rekeying in 104s, expires in 223s | ||
+ | in ccf16d2a, 0 bytes, 0 packets | ||
+ | out cc4f9d29, 0 bytes, 0 packets | ||
+ | local 10.83.40.0/24 | ||
+ | remote 10.83.32.0/24 | ||
+ | ... | ||
</pre> | </pre> |
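Review bot: The sample output under the new heading "list currently active IKE_SA" shows one IKE_SA followed only by CHILD_SAs in REKEYED state (#8 and #9) before it is cut off with "...", so a reader never sees the CHILD_SA that is actually carrying traffic. Consider keeping the INSTALLED entry in the sample, or adding one sentence saying that swanctl --list-sas prints each IKE_SA together with its CHILD_SAs and that REKEYED entries are replaced SAs waiting to expire.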
Revision as of 8 December 2017, 21:48
(re-)load connection configuration
- swanctl -c
    loaded connection 'net-net'
    successfully loaded 1 connections, 0 unloaded
initiate a connection
- swanctl --initiate --child net
    [ENC] generating QUICK_MODE request 661387916 [ HASH SA No KE ID ID ]
    [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
    [NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
    [ENC] parsed QUICK_MODE response 661387916 [ HASH SA No KE ID ID ]
    [IKE] CHILD_SA net{7} established with SPIs c7a4e05a_i c95bd1a5_o and TS 10.83.40.0/24 === 10.83.32.0/24
    [ENC] generating QUICK_MODE request 661387916 [ HASH ]
    [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
    initiate completed successfully
terminate a connection
- swanctl --terminate --child net
    [IKE] closing CHILD_SA net{6} with SPIs c1ea2318_i (0 bytes) c3ede3a4_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
    [IKE] sending DELETE for ESP CHILD_SA with SPI c1ea2318
    [ENC] generating INFORMATIONAL_V1 request 2587432778 [ HASH D ]
    [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
    [IKE] closing CHILD_SA net{7} with SPIs c7a4e05a_i (0 bytes) c95bd1a5_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
    [IKE] sending DELETE for ESP CHILD_SA with SPI c7a4e05a
    [ENC] generating INFORMATIONAL_V1 request 1981643187 [ HASH D ]
    [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
    terminate completed successfully
rekey an SA
- swanctl --rekey --child net
    rekey completed successfully
log
- swanctl --log
    09[CFG] vici rekey CHILD_SA 'net'
    09[ENC] generating QUICK_MODE request 2013598800 [ HASH SA No KE ID ID ]
    09[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
    13[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
    13[ENC] parsed QUICK_MODE response 2013598800 [ HASH SA No KE ID ID ]
    13[IKE] CHILD_SA net{23} established with SPIs c6c7ffed_i cf1d5f57_o and TS 10.83.40.0/24 === 10.83.32.0/24
    13[ENC] generating QUICK_MODE request 2013598800 [ HASH ]
    13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
list currently active IKE_SA
- swanctl --list-sas
    net-net: #16, ESTABLISHED, IKEv1, a1fb1d5845410355_i* 852dddf52f17ea70_r
      local '10.84.252.40' @ 10.84.252.40[500]
      remote '10.84.252.32' @ 10.84.252.32[500]
      AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      established 572s ago, rekeying in 466s, reauth in 2968s
      net: #8, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
        installed 440s ago, rekeying in 115s, expires in 220s
        in c66297e6, 0 bytes, 0 packets
        out c4bb33a8, 0 bytes, 0 packets
        local 10.83.40.0/24
        remote 10.83.32.0/24
      net: #9, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
        installed 437s ago, rekeying in 104s, expires in 223s
        in ccf16d2a, 0 bytes, 0 packets
        out cc4f9d29, 0 bytes, 0 packets
        local 10.83.40.0/24
        remote 10.83.32.0/24
      ...
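For monitoring, the `swanctl --list-sas` text above can be parsed into IKE_SA and CHILD_SA records and checked automatically. The following is an added example, not part of the original wiki page or of strongSwan; the function names `parse_list_sas` and `findings` are hypothetical, and the parser assumes the line layout shown on this page.

```python
import re

# Abridged from the --list-sas output on this page; leading whitespace is ignored.
SAMPLE = """\
net-net: #16, ESTABLISHED, IKEv1, a1fb1d5845410355_i* 852dddf52f17ea70_r
  established 572s ago, rekeying in 466s, reauth in 2968s
  net: #8, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 440s ago, rekeying in 115s, expires in 220s
    in c66297e6, 0 bytes, 0 packets
    out c4bb33a8, 0 bytes, 0 packets
  net: #9, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 437s ago, rekeying in 104s, expires in 223s
    in ccf16d2a, 0 bytes, 0 packets
    out cc4f9d29, 0 bytes, 0 packets
"""

IKE_RE = re.compile(r"^(\S+): #(\d+), (\w+), (IKEv[12]), ")
CHILD_RE = re.compile(r"^(\S+): #(\d+), reqid (\d+), (\w+), ([^,]+), (\S+)")
LIFE_RE = re.compile(r"^installed (\d+)s ago, rekeying in (\d+)s, expires in (\d+)s")
TRAFFIC_RE = re.compile(r"^(in|out)\s+([0-9a-f]+),\s+(\d+) bytes,\s+(\d+) packets")

def parse_list_sas(text):
    """Return a list of IKE_SA dicts, each carrying a 'children' list of CHILD_SAs."""
    sas, child = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := CHILD_RE.match(line)) and sas:
            child = {"name": m[1], "id": int(m[2]), "state": m[4], "mode": m[5], "proposal": m[6]}
            sas[-1]["children"].append(child)
        elif m := IKE_RE.match(line):
            sas.append({"name": m[1], "id": int(m[2]), "state": m[3], "version": m[4], "children": []})
            child = None  # following detail lines belong to the IKE_SA until a CHILD_SA starts
        elif child and (m := LIFE_RE.match(line)):
            child["expires_in"] = int(m[3])
        elif child and (m := TRAFFIC_RE.match(line)):
            child[m[1]] = {"spi": m[2], "packets": int(m[4])}
    return sas

def findings(sas):
    """Report IKEv1 tunnels and CHILD_SAs that are not in INSTALLED state."""
    out = []
    for sa in sas:
        if sa["version"] == "IKEv1":
            out.append(f"{sa['name']}: uses IKEv1")
        for c in sa["children"]:
            if c["state"] != "INSTALLED":
                out.append(f"{c['name']} #{c['id']}: state {c['state']}, expires in {c.get('expires_in')}s")
    return out
```
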