[strongSwan] IKE_SA/CHILD_SA instance
Tobias Brunner
tobias at strongswan.org
Thu Nov 8 09:15:34 CET 2012
Hi Jordan,
> I appreciate if any one could explain to me whether IKE_SA connection
> instance # is unique within the entire IKE_SA list?
Yes, the number displayed in [] behind the connection name uniquely
identifies an IKE_SA within the entire IKE_SA list.
> Is the instance ID unique with in the entire IPsec SA list?
Yes, the number displayed in {} here is actually the reqid of an IPsec
SA, that is, it can also be seen in the output of ip xfrm state.
> I want to use the instance # (without connection name) to delete IKE_SA
> and CHILD_SA's.
Simply use either [n] or {n} with ipsec down to do that (n being the
respective unique id). That the name is optional in this case is now
also explained on the wiki page at [1].
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand
More information about the Users
mailing list