[strongSwan] connection disappeared from ipsec statusall

Felix Shao sevenever at gmail.com
Thu Sep 22 07:53:41 CEST 2011


Sorry, I should have used "reply to all":

Hello Andreas,

Thank you for your reply!

But I did not establish any SA. As you can see, in both cases there is only
"none" in the Security Associations section.

Let me clarify my question:
I have this line in my /etc/ipsec.conf:

include /etc/ipsec.d/conns/*.conn

1.conn and 2.conn are placed in the conn directory with the same configuration
except for the connection name.

After I remove the file 2.conn from the directory, I expect to see only the
connection information for 1.conn in the Connections section of the "ipsec
statusall" output. However, nothing remains in the Connections section after
"ipsec update".

After I restarted charon with "ipsec stop" and "ipsec start", the connection
information came back.

test result:


root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 2 seconds, since Sep 22 13:39:54 2011

  malloc: sbrk 262144, mmap 0, used 125824, free 136320
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac
ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc
dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
<======================== 1 and 2 are both present in the Connections section

           2:  10.2.2.2...10.2.2.1
           2:   local:  [10.2.2.2] uses pre-shared key authentication
           2:   remote: [10.2.2.1] uses any authentication
           2:   child:  dynamic === dynamic
           1:   child:  dynamic === dynamic
Security Associations:
  none
root@myserver:/etc/ipsec.d/conns# mv 2.conn ~/.
<======================== remove 2.conn from the directory

root@myserver:/etc/ipsec.d/conns# ipsec update
Updating strongSwan IPsec configuration...
root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 28 seconds, since Sep 22 13:39:53 2011
  malloc: sbrk 258048, mmap 0, used 116488, free 141560

  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac
ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc
dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
<======================== There is nothing left in the Connections section
Security Associations:
  none
root@myserver:/etc/ipsec.d/conns# ipsec stop && ipsec start
<======================== restart charon
Stopping strongSwan IPsec...
Starting strongSwan 4.5.0 IPsec [starter]...

root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 4 seconds, since Sep 22 13:40:31 2011
  malloc: sbrk 135168, mmap 0, used 123440, free 11728

  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac
ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc
dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
           1:  10.2.2.2...10.2.2.1
<======================== Connection 1 comes back
           1:   local:  [10.2.2.2] uses pre-shared key authentication
           1:   remote: [10.2.2.1] uses any authentication

           1:   child:  dynamic === dynamic
Security Associations:
  none
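
A check for the symptom described in this message, as an added example that is not part of the original post or of strongSwan: it compares the conn names defined in the included *.conn files with the names listed under "Connections:" in `ipsec statusall` output. The function names and the sample output are constructed for illustration, and the parsing assumes the statusall layout shown above.

```shell
#!/bin/sh
# Added example: compare conn names defined in the included *.conn files
# with the names charon lists under "Connections:" in `ipsec statusall`.

# Print each connection name found in the "Connections:" section (stdin).
loaded_conns() {
    awk '
        /^Connections:/     { in_sec = 1; next }
        /^[^[:space:]]/     { in_sec = 0 }      # next unindented header ends it
        in_sec && $1 ~ /:$/ {
            name = $1; sub(/:$/, "", name)
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# Print the conn names defined in DIR/*.conn (assumed layout, as on the page).
expected_conns() {
    for f in "$1"/*.conn; do
        [ -f "$f" ] || continue
        awk '$1 == "conn" && $2 != "%default" { print $2 }' "$f"
    done | sort -u
}

# Read statusall output on stdin; print conns that are configured in DIR
# but not loaded. Empty output means every configured conn is loaded.
missing_conns() {
    loaded=$(loaded_conns)
    expected_conns "$1" | while read -r name; do
        printf '%s\n' "$loaded" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: the state shown after "ipsec update" in the post.
sample_after_update() {
    cat <<'EOF'
Listening IP addresses:
  10.2.2.2
Connections:
Security Associations:
  none
EOF
}

# Typical use on a gateway (not run here):
#   ipsec statusall | missing_conns /etc/ipsec.d/conns
```

Run after every `ipsec update` or `ipsec reload`, a non-empty result flags a configured tunnel that the daemon no longer knows about.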