[strongSwan] Understanding "ipsec status" output for L2TP-over-IPsec
Philip Prindeville
philipp_subx at redfish-solutions.com
Tue Jan 6 22:46:53 CET 2015
I'm using the scenario of running L2TP over IPsec and seeing:
000 "remote-access-mac-zzz": 192.168.100.10[192.168.100.10]:17/1701---192.168.100.20...%virtual[%any]:17/%any===?; unrouted; eroute owner: #0
000 "remote-access-mac-zzz": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "remote-access-mac-zzz"[2]: 192.168.100.10:4500[192.168.100.10]:17/1701...192.168.100.20:4500[192.168.10.2]:17/1701; erouted; eroute owner: #2
000 "remote-access-mac-zzz"[2]: newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "remote-access-win-aaa": 192.168.100.10[192.168.100.10]:17/1701---192.168.100.20...%virtual[%any]:17/1701===?; unrouted; eroute owner: #0
000 "remote-access-win-aaa": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3231s; newest IPSEC; eroute owner
000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 esp.f1825896@192.168.100.20 (793 bytes, 38s ago) esp.cb9db416@192.168.100.10 (2119 bytes, 1s ago); transport
000 #1: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 3501s; newest ISAKMP
000
but I'm not sure how to parse these lines. Can someone walk me through what the 1st, 3rd, and 5th lines are showing me?
And yes, this is 4.5.2. We'll be upgrading to 5.1.3 soon but we have some legacy installs we can't retire just yet.
Thanks,
-Philip
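The status lines quoted in the post above can be split into fields mechanically, for example to monitor which connections have an established SA. The following is an added example, not part of the original post and not strongSwan code; the dictionary keys are names chosen here, and the regular expressions cover only the line shapes visible in the post (with "@" in the SPI fields, also accepting the " at " form printed by the list archive).

```python
import re

# Lines taken from the status output in the post.
SAMPLE = '''\
000 "remote-access-mac-zzz": 192.168.100.10[192.168.100.10]:17/1701---192.168.100.20...%virtual[%any]:17/%any===?; unrouted; eroute owner: #0
000 "remote-access-mac-zzz"[2]: 192.168.100.10:4500[192.168.100.10]:17/1701...192.168.100.20:4500[192.168.10.2]:17/1701; erouted; eroute owner: #2
000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3231s; newest IPSEC; eroute owner
000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 esp.f1825896@192.168.100.20 (793 bytes, 38s ago) esp.cb9db416@192.168.100.10 (2119 bytes, 1s ago); transport
000 #1: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 3501s; newest ISAKMP
'''

# Connection line: "name"[instance]: left...right; routing; eroute owner: #N
CONN = re.compile(r'^000 "(?P<conn>[^"]+)"(?:\[(?P<inst>\d+)\])?: (?P<left>.+?)'
                  r'\.\.\.(?P<right>[^;]+); (?P<route>\w+); eroute owner: #(?P<owner>\d+)')
# SA line: #N: "name"[instance] peer:port <rest>
SA = re.compile(r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) (?P<rest>.*)$')
STATE = re.compile(r'(?P<state>STATE_\w+) \([^)]*\); (?P<event>EVENT_\w+) in (?P<secs>\d+)s')
ESP = re.compile(r'esp\.(?P<spi>[0-9a-f]+)(?:@| at )(?P<addr>\S+) \((?P<bytes>\d+) bytes')

def parse_status(text):
    """Return (connections, sas); sas is keyed by the #N SA number."""
    conns, sas = [], {}
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            conns.append({"conn": m["conn"], "instance": m["inst"],
                          "left": m["left"], "right": m["right"],
                          "routing": m["route"], "owner": int(m["owner"])})
            continue
        m = SA.match(line)
        if not m:
            continue  # blank "000" lines and "newest ... SA" summaries
        sa = sas.setdefault(int(m["sa"]), {"conn": m["conn"], "peer": m["peer"]})
        rest = m["rest"].strip()
        s = STATE.match(rest)
        if s:   # state line: negotiation state and next scheduled event
            sa.update(state=s["state"], event=s["event"], seconds=int(s["secs"]))
        else:   # traffic line: one (SPI, address, bytes) tuple per ESP SA, then mode
            sa["esp"] = [(e["spi"], e["addr"], int(e["bytes"])) for e in ESP.finditer(rest)]
            sa["mode"] = rest.rsplit("; ", 1)[-1]
    return conns, sas

if __name__ == "__main__":
    for item in parse_status(SAMPLE):
        print(item)
```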