[strongSwan] Query regarding ipsec pool
divya mohan
m.divya.mohan at zoho.com
Wed Jun 3 10:16:20 CEST 2015
Hi,
I'm using a strongSwan IKEv2 configuration with DB (sqlite3) based
server-side virtual IPs.
I am using the pool utility for managing the virtual IPs.
From the documentation given at
https://wiki.strongswan.org/projects/strongswan/wiki/Ipsecpool, I'm
not clear on what the status means.
Could you please explain the terminology online|offline|valid|expired?
Is 'offline' applicable only when timeout is 0?
Will offline/expired addresses be released so that they can be provided
to other clients?
Also, the time shown in the output of 'ipsec pool --leases' is very confusing.
Creating the pool:
# ipsec pool --add bigpool --start 60.60.60.1 --end 60.60.60.1 --timeout 1
allocating 1 addresses... done.
Client established connection:
# date --utc; ipsec pool --leases --utc
Wed Jun 3 07:00:35 UTC 2015
name address status start end identity
bigpool 60.60.60.1 online (null) 15 09:04:32 1803625851 30.30.30.3
In the above output, the start time is different from the time that the
client established the connection (output of date --utc).
Client disconnected:
# date --utc; ipsec pool --leases --utc
Wed Jun 3 07:01:03 UTC 2015
name address status start end identity
bigpool 60.60.60.1 valid (null) 15 16:05:29 1803625896 (null) 29 03:51:12 1803629253 30.30.30.3
Here, the start time and end time do not differ by 1 hour (the timeout given).
However, the functionality is working fine - the address was marked
expired exactly after one hour, just that the output is not
understandable.
# date --utc; ipsec pool --leases --utc
Wed Jun 3 08:01:59 UTC 2015
name address status start end identity
bigpool 60.60.60.1 expired (null) 15 16:05:29 1803625896 (null) 29 03:51:12 1803629253 30.30.30.3
Could you please explain how to understand the time shown in the output?
- Divya