[strongSwan] different output of 'ipsec statusall' command in version 4.5.3 and 5.0.2 for tunnels configured with IKEv1
अनुज
anuj01 at gmail.com
Thu Apr 25 11:06:59 CEST 2013
Hi,
Please sombody on list comment on this output for 'ipsec statusall' command
for IKEv1.
Thanks & Regards,
Anuj Aggarwal
On Wed, Apr 24, 2013 at 6:12 PM, अनुज <anuj01 at gmail.com> wrote:
> Hi Martin,
>
> Thanks for your quick response.
>
> But then why its not showing SA as ESTABLISHED while its indeed
> ESTABLISHED and working fine for IKEv1:
>
>
> M1 (Octean):
> IKEv1
> Ipsec version:
> Linux strongSwan U4.5.3/K2.6.32.60-1-lfs130202-
> ci1-fct
>
> Output:
>
> root at 172:~ >ipsec status
> 000 "conn1":
> 10.10.10.0/24===10.10.10.8[CN=RY110409750.nokiasiemensnetworks.com<http://10.10.10.0/24===10.10.10.8%5BCN=RY110409750.nokiasiemensnetworks.com>,
> O=Nokia Siemens Networks]...10.10.10.9[10.10.10.9]===10.10.10.0/24;
> erouted; eroute owner: #2
> 000 "conn1": newest ISAKMP SA: #1; newest IPsec SA: #2;
> 000
> 000 #2: "conn1" STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 12280s; newest IPSEC; eroute owner
> 000 #2: "conn1" esp.ca76e203 at 10.10.10.9 (168 bytes, 11s ago)
> esp.c01555e3 at 10.10.10.8 (168 bytes, 11s ago); tunnel
> 000 #1: "conn1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in
> 10778s; newest ISAKMP
> 000
> *Security Associations (0 up, 0 connecting):*
> none
>
>
> is this a known issue and pluto daemon do not support this?
>
>
>
>
>
> On Wed, Apr 24, 2013 at 4:24 PM, Martin Willi <martin at strongswan.org>wrote:
>
>> Hi,
>>
>> > Linux strongSwan U4.5.3/K2.6.32.60-1-lfs130202-ci1-fct
>> > Linux strongSwan U5.0.2/K2.6.18-128.el5
>>
>> > Why is there such a difference between two outputs?
>>
>> strongSwan 5.x introduces a completely new implementation of the IKEv1
>> protocol in the charon daemon (that previously handled IKEv2 only).
>>
>> 4.x used a different implementation of IKEv1, the pluto daemon.
>>
>> Regards
>> Martin
>>
>>
>
>
> --
> Anuj Aggarwal
>
> .''`.
> : :Ⓐ : # apt-get install hakuna-matata
> `. `'`
> `-
>
--
Anuj Aggarwal
.''`.
: :Ⓐ : # apt-get install hakuna-matata
`. `'`
`-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130425/a23b26b0/attachment.html>
More information about the Users
mailing list