Swanctl: Difference between versions

From xinux.net
Line 75 (previous version of the swanctl --list-sas output; the current version's output is in the --list-sas section below):

  • swanctl --list-sas
net-net: #16, ESTABLISHED, IKEv1, a1fb1d5845410355_i* 852dddf52f17ea70_r
  local  '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 572s ago, rekeying in 466s, reauth in 2968s
  net: #8, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 440s ago, rekeying in 115s, expires in 220s
    in  c66297e6,      0 bytes,    0 packets
    out c4bb33a8,      0 bytes,    0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
  net: #9, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 437s ago, rekeying in 104s, expires in 223s
    in  ccf16d2a,      0 bytes,    0 packets
    out cc4f9d29,      0 bytes,    0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
...

Version of 9 December 2017, 19:47

(re-)load connection configuration (-c is the short form of --load-conns)

  • swanctl -c
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded

(re-)load credentials (-s is the short form of --load-creds)

  • swanctl -s
loaded ike secret 'ike-net'

load credentials, authorities, pools and connections in one go (-q is the short form of --load-all)

  • swanctl -q
loaded ike secret 'ike-net'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded
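The three load commands above only echo what was loaded; a deployment script should check that output rather than just the exit status. The following is an added example, not code from the page or from the strongSwan project: it reads the --load-all output on stdin, verifies that the expected lines (here the page's connection 'net' and IKE secret 'ike-net') were reported, and fails on any non-zero "unloaded" count. Both samples are constructed; the "good" one copies the page's output, the "bad" one is assumed to be what the output looks like after the connection block was dropped from swanctl.conf.

```shell
#!/bin/sh
# Added example (not from the original page): gate a deployment on the output
# of `swanctl --load-all` (-q).  Rather than relying on the exit status alone,
# the output is inspected for the expected "loaded ..." lines and for any
# "N unloaded" count that is not zero.
#
# Both samples are constructed.  GOOD copies the page's output; BAD is an
# assumed output after the 'net' connection block was removed from swanctl.conf.
SAMPLE_GOOD="loaded ike secret 'ike-net'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded"

SAMPLE_BAD="loaded ike secret 'ike-net'
no authorities found, 0 unloaded
no pools found, 0 unloaded
no connections found, 1 unloaded"

# check_swanctl_load "loaded connection 'net'" ["loaded ike secret 'ike-net'" ...] < output
# returns 0 when every expected line is present and no section reports a
# non-zero "unloaded" count; otherwise prints the reasons to stderr and returns 1
check_swanctl_load() {
    out=$(cat)
    rc=0
    for want in "$@"; do
        # -x: whole line, -F: fixed string (the names contain no regex intent)
        if ! printf '%s\n' "$out" | grep -qxF -- "$want"; then
            echo "missing: $want" >&2
            rc=1
        fi
    done
    # "..., N unloaded": N is the second-to-last field of the line
    stale=$(printf '%s\n' "$out" | awk '/[0-9]+ unloaded$/ && $(NF-1) != 0')
    if [ -n "$stale" ]; then
        echo "unloaded entries: $stale" >&2
        rc=1
    fi
    return $rc
}

# Demo on the constructed samples; in production:
#   swanctl --load-all | check_swanctl_load "loaded connection 'net'" "loaded ike secret 'ike-net'"
printf '%s\n' "$SAMPLE_GOOD" | check_swanctl_load "loaded connection 'net'" "loaded ike secret 'ike-net'" \
    && echo "good sample: accepted"
printf '%s\n' "$SAMPLE_BAD" | check_swanctl_load "loaded connection 'net'" "loaded ike secret 'ike-net'" 2>/dev/null \
    || echo "bad sample: rejected"
```

Pass the exact lines you expect swanctl to print; a renamed connection or secret then fails the check instead of silently leaving the old SA configuration in place.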

initiate a CHILD_SA (the IKE_SA is set up first if it does not exist yet)

  • swanctl --initiate --child net-1
[ENC] generating QUICK_MODE request 2770629131 [ HASH SA No KE ID ID ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
[ENC] parsed QUICK_MODE response 2770629131 [ HASH SA No KE ID ID ]
[IKE] CHILD_SA net-1{2} established with SPIs cad409e6_i c02e7852_o and TS 10.83.40.0/24 === 10.83.32.0/24
[ENC] generating QUICK_MODE request 2770629131 [ HASH ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
initiate completed successfully

terminate a CHILD_SA by name (all CHILD_SAs with that name are closed; here both net-1{1} and net-1{2})

  • swanctl --terminate --child net-1
[IKE] closing CHILD_SA net-1{1} with SPIs c2b81202_i (0 bytes) c817d05d_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
[IKE] sending DELETE for ESP CHILD_SA with SPI c2b81202
[ENC] generating INFORMATIONAL_V1 request 328806429 [ HASH D ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
[IKE] closing CHILD_SA net-1{2} with SPIs cad409e6_i (0 bytes) c02e7852_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
terminate completed successfully

list loaded configurations (the full option is --list-conns; the output below was captured with an earlier configuration, connection net-net with child net, which is why the names differ from net/net-1 used above)

  • swanctl --list-conn
net-net: IKEv1, reauthentication every 3600s
  local:  10.84.252.40
  remote: 10.84.252.32
  local pre-shared key authentication:
    id: 10.84.252.40
  remote pre-shared key authentication:
    id: 10.84.252.32
  net: TUNNEL, rekeying every 600s
    local:  10.83.40.0/24
    remote: 10.83.32.0/24

rekey a CHILD_SA

  • swanctl --rekey --child net-1
rekey completed successfully

stream the daemon log (the lines below belong to the rekey above: the vici request, the QUICK_MODE exchange and the new CHILD_SA)

  • swanctl --log
09[CFG] vici rekey CHILD_SA 'net-1'
09[ENC] generating QUICK_MODE request 2013598800 [ HASH SA No KE ID ID ]
09[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
13[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
13[ENC] parsed QUICK_MODE response 2013598800 [ HASH SA No KE ID ID ]
13[IKE] CHILD_SA net{23} established with SPIs c6c7ffed_i cf1d5f57_o and TS 10.83.40.0/24 === 10.83.32.0/24
13[ENC] generating QUICK_MODE request 2013598800 [ HASH ]
13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)

list currently active IKE_SAs with their CHILD_SAs. Note that net-1 #3 (REKEYED) and net-1 #4 (INSTALLED) share reqid 2: #3 is the SA that the rekey above replaced. With IKEv1, strongSwan keeps the superseded CHILD_SA installed until its lifetime runs out ("expires in 3912s") unless charon.delete_rekeyed is enabled in strongswan.conf, so two entries for one child right after a rekey are expected and not a duplicate tunnel.

  • swanctl --list-sas
net: #3, ESTABLISHED, IKEv1, 41805ab3792c873b_i* 7f163baa33346484_r
  local  '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 867s ago, rekeying in 13421s
  net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 49s ago, rekeying in 3275s, expires in 3912s
    in  ca334880,      0 bytes,     0 packets
    out c806412c,      0 bytes,     0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
  net-1: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 47s ago, rekeying in 3404s, expires in 3913s
    in  c5a10589,      0 bytes,     0 packets
    out c632c7bf,      0 bytes,     0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
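The --list-sas output above is meant for humans; to check it from a script (after the rekey above, for instance) it has to be parsed. The following is an added example, not code from the page or from the strongSwan project: a POSIX sh/awk parser that reduces the output to one line per IKE_SA and per CHILD_SA, and three checks built on it. The sample is constructed: the net block copies the page's IKEv1 output, and a second c2 block is an invented IKEv2 entry with traffic counters so that the idle-tunnel check has both a hit and a miss. The state names, reqid and counter columns are the ones visible on the page; the field positions the parser relies on are an assumption about the --list-sas layout.

```shell
#!/bin/sh
# Added example (not from the original page): turn `swanctl --list-sas` output
# into one line per IKE_SA / CHILD_SA so scripts can check on it.
#
# SAMPLE_SAS is constructed: the "net" block copies the page's IKEv1 output,
# the "c2" block is an invented IKEv2 entry whose counters are non-zero.
SAMPLE_SAS="net: #3, ESTABLISHED, IKEv1, 41805ab3792c873b_i* 7f163baa33346484_r
  local  '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 867s ago, rekeying in 13421s
  net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 49s ago, rekeying in 3275s, expires in 3912s
    in  ca334880,      0 bytes,     0 packets
    out c806412c,      0 bytes,     0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
  net-1: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 47s ago, rekeying in 3404s, expires in 3913s
    in  c5a10589,      0 bytes,     0 packets
    out c632c7bf,      0 bytes,     0 packets
    local  10.83.40.0/24
    remote 10.83.32.0/24
c2: #7, ESTABLISHED, IKEv2, 0d3c1b2a9f8e7d6c_i* 5a4b3c2d1e0f9a8b_r
  local  'gw-a' @ 192.0.2.1[4500]
  remote 'gw-b' @ 198.51.100.7[4500]
  AES_GCM_16-256/PRF_HMAC_SHA2_384/ECP_384
  established 120s ago, rekeying in 13400s
  c2-1: #5, reqid 3, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 120s ago, rekeying in 3300s, expires in 3960s
    in  c0ffee01,  48210 bytes,   312 packets
    out c0ffee02,  39004 bytes,   288 packets
    local  10.0.1.0/24
    remote 10.0.2.0/24"

# summarize_sas < list-sas-output
# prints:  IKE <conn> <state> <version> <proposal>
#          CHILD <conn> <child> <#id> <state> in=<bytes>/<pkts> out=<bytes>/<pkts> <local>=<remote>
summarize_sas() {
    awk '
    function strip(s) { sub(/[:,]$/, "", s); return s }
    # CHILD_SA header: "  net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:..."
    $2 ~ /^#[0-9]+,$/ && $3 == "reqid" {
        child = strip($1); cid = strip($2); cstate = strip($5); inchild = 1; next
    }
    # IKE_SA header: "net: #3, ESTABLISHED, IKEv1, <spi_i>* <spi_r>"
    $2 ~ /^#[0-9]+,$/ {
        ike = strip($1); istate = strip($3); ver = strip($4); inchild = 0; next
    }
    # the IKE proposal is the only single-field line outside a CHILD_SA block
    !inchild && NF == 1 { printf "IKE %s %s %s %s\n", ike, istate, ver, $1; next }
    inchild && $1 == "in"     { ib = $3; ip = $5 }
    inchild && $1 == "out"    { ob = $3; op = $5 }
    inchild && $1 == "local"  { lts = $2 }
    inchild && $1 == "remote" {
        printf "CHILD %s %s %s %s in=%s/%s out=%s/%s %s=%s\n",
               ike, child, cid, cstate, ib, ip, ob, op, lts, $2
    }'
}

# number of CHILD_SAs in STATE; a REKEYED entry is the superseded SA that stays
# installed under the same reqid until its "expires in" timer runs out
count_child_state() { summarize_sas | awk -v s="$1" '$1 == "CHILD" && $5 == s' | wc -l | tr -d ' '; }

# INSTALLED CHILD_SAs that have not carried a packet in either direction:
# the tunnel is up but nothing is being routed through it
idle_children() {
    summarize_sas | awk '$1 == "CHILD" && $5 == "INSTALLED" {
        split($6, i, "/"); split($7, o, "/")
        if (i[2] == 0 && o[2] == 0) print $3, $4 }'
}

# IKE versions in use (IKEv1 SAs are worth flagging on a modern gateway)
ike_versions() { summarize_sas | awk '$1 == "IKE" { print $4 }' | sort -u; }

# Demo on the constructed sample; in production: swanctl --list-sas | summarize_sas
printf '%s\n' "$SAMPLE_SAS" | summarize_sas
echo "rekeyed SAs still installed: $(printf '%s\n' "$SAMPLE_SAS" | count_child_state REKEYED)"
echo "idle tunnels: $(printf '%s\n' "$SAMPLE_SAS" | idle_children)"
```

On the page's own output the idle check reports net-1 #4: the tunnel is ESTABLISHED/INSTALLED but both counters are zero, which is the state to look at before concluding a VPN "works" because --list-sas shows it.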