On 4/13/07, Claer <[EMAIL PROTECTED]> wrote:
On Thu, Apr 12 2007 at 19:14, Martin Hedenfalk wrote:
> Hello misc,
Hello,

> I'm trying to delete individual tunnels with ipsecctl:
> This is on the 4.1 snapshots from April 6.
[...]

> Then I try to delete the SAs:
> # ipsecctl -ss
> esp tunnel from 192.168.5.5 to 192.168.5.12 spi 0x17661dae auth hmac-sha2-256 enc aes
> esp tunnel from 192.168.5.12 to 192.168.5.5 spi 0x268063a2 auth hmac-sha2-256 enc aes
> # ipsecctl -ss | ipsecctl -d -f-
> stdin: 1: no authentication key specified
> stdin: 2: no authentication key specified
> ipsecctl: Syntax error in config file: ipsec rules not loaded

> What authentication key is needed? How can I remove a specific SA?
Starting from 4.1, ipsecctl no longer shows the SA keys with 'ipsecctl -s sa'.
To show them, there is a new -k flag.

Of course. And it's nicely documented too. Thank you!

> I should add that this is on a passive IPsec aggregator with many
> dynamic tunnels from "road warrior" type peers.
I didn't try road warriors yet. What client software do you use?

Clients run OpenBSD / isakmpd too, with x509 certs and pre-allocated
tunneled networks.

       -martin
