[strongSwan] different output of 'ipsec statusall' command in version 4.5.3 and 5.0.2 for tunnels configured with IKEv1

अनुज anuj01 at gmail.com
Wed Apr 24 12:41:10 CEST 2013

Hi List,

I have created a tunnel between two machine M1 and M2. Tunnel seems to be
created successfully and I am also able to ping between two endpoints.
Configuration at both ends is as follows:

M1 (Octean):
Ipsec version:
 Linux strongSwan U4.5.3/K2.6.32.60-1-lfs130202-ci1-fct


root at 172:~ >ipsec status
000 "conn1":[CN=RY110409750.nokiasiemensnetworks.com<>,
O=Nokia Siemens Networks]...[]===;
erouted; eroute owner: #2
000 "conn1":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 #2: "conn1" STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 12280s; newest IPSEC; eroute owner
000 #2: "conn1" esp.ca76e203 at (168 bytes, 11s ago)
esp.c01555e3 at (168 bytes, 11s ago); tunnel
000 #1: "conn1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in
10778s; newest ISAKMP
Security Associations (0 up, 0 connecting):

M2 (x86):
Ipsec version:
Linux strongSwan U5.0.2/K2.6.18-128.el5


[root at localhost ~]# ipsec status
Security Associations (1 up, 0 connecting):
       conn1[5]: ESTABLISHED 20 hours ago,[CN=
O=Nokia Siemens Networks]...[CN=
O=Nokia Siemens Networks]
       conn1{1}:  REKEYING, TUNNEL, expires in 85 minutes
       conn1{1}: ===
       conn1{1}:  INSTALLED, TUNNEL, ESP SPIs: ca76e203_i c01555e3_o
       conn1{1}: ===

Why is there such a difference between two outputs?

Please help.

Anuj Aggarwal

: :Ⓐ :   # apt-get install hakuna-matata
`. `'`
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130424/d782a9e2/attachment.html>

More information about the Users mailing list