[strongSwan] different output of 'ipsec statusall' command in version 4.5.3 and 5.0.2 for tunnels configured with IKEv1

अनुज anuj01 at gmail.com
Wed Apr 24 12:41:10 CEST 2013


Hi List,

I have created a tunnel between two machine M1 and M2. Tunnel seems to be
created successfully and I am also able to ping between two endpoints.
Configuration at both ends is as follows:

M1 (Octean):
IKEv1
Ipsec version:
 Linux strongSwan U4.5.3/K2.6.32.60-1-lfs130202-ci1-fct

Output:

root at 172:~ >ipsec status
000 "conn1":
10.10.10.0/24===10.10.10.8[CN=RY110409750.nokiasiemensnetworks.com<http://10.10.10.0/24===10.10.10.8%5BCN=RY110409750.nokiasiemensnetworks.com>,
O=Nokia Siemens Networks]...10.10.10.9[10.10.10.9]===10.10.10.0/24;
erouted; eroute owner: #2
000 "conn1":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000
000 #2: "conn1" STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 12280s; newest IPSEC; eroute owner
000 #2: "conn1" esp.ca76e203 at 10.10.10.9 (168 bytes, 11s ago)
esp.c01555e3 at 10.10.10.8 (168 bytes, 11s ago); tunnel
000 #1: "conn1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in
10778s; newest ISAKMP
000
Security Associations (0 up, 0 connecting):
  none

M2 (x86):
IKEv1
Ipsec version:
Linux strongSwan U5.0.2/K2.6.18-128.el5

Output:

[root at localhost ~]# ipsec status
Security Associations (1 up, 0 connecting):
       conn1[5]: ESTABLISHED 20 hours ago, 10.10.10.9[CN=
RY110409750.nokiasiemensnetworks.com<http://ry110409750.nokiasiemensnetworks.com/>,
O=Nokia Siemens Networks]...10.10.10.8[CN=
RY110409750.nokiasiemensnetworks.com<http://ry110409750.nokiasiemensnetworks.com/>,
O=Nokia Siemens Networks]
       conn1{1}:  REKEYING, TUNNEL, expires in 85 minutes
       conn1{1}:   10.10.10.0/24 === 10.10.10.0/24
       conn1{1}:  INSTALLED, TUNNEL, ESP SPIs: ca76e203_i c01555e3_o
       conn1{1}:   10.10.10.0/24 === 10.10.10.0/24


Why is there such a difference between two outputs?

Please help.



-- 
Anuj Aggarwal

 .''`.
: :Ⓐ :   # apt-get install hakuna-matata
`. `'`
   `-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130424/d782a9e2/attachment.html>


More information about the Users mailing list