[strongSwan] terminating a ike dpd connection

Hello ? what is the VICI terminating sequence when using DPD If IKE DPD is being sent ( tunnel was up, and now the interface is down ), how can it be terminated. swanctl -terminate -ike name (sometimes works) ___ Users mailing list

Re: [strongSwan] terminate a partial connection

Hello Tobias I tried ike, and still will not find it. When I create the connection I use: req = vici_begin("initiate"); vici_add_key_valuef(req,"child","%s",param->conn_name); /* timeout = * use the timeout, * if good conditions the response will return in < 10 seconds,

Re: [strongSwan] VICI commands initiate and terminate

Hello Tobias That's what I did at the VICI API command level, but I need to test, will get back to you. Thanks -Original Message- From: Tobias Brunner [mailto:tob...@strongswan.org] Sent: Monday, March 13, 2017 9:29 AM To: Modster, Anthony ;

Re: [strongSwan] Road warriors and site-to-site ping each other

On 13.03.2017 19:05, Hoggins! wrote: > ... so if my gateway A keeps 192.168.22.0/24 as its "real" network, but > gets – let's say – a TS 192.168.33.0/24 == 192.168.55.0/24, my road > warriors would also be on 192.168.33.0/24 (if configured accordingly, of > course), and be able to talk to gateway

Re: [strongSwan] Road warriors and site-to-site ping each other

On 12.03.2017 19:05, Hoggins! wrote: > Now I want to have road warriors connected on gateway B. That's cool > : they get a dynamic IP address on 192.168.22.0/24 and they can talk to > hosts on 192.168.55.0/24. Great. TL;DR: Use a different subnet. Long story: You've got conflicting subnets

Re: [strongSwan] terminate a partial connection

Hi Anthony, > I tried to terminate using “swanctl -t --child sgateway1-gldl”. > > But the error returned was it could not find the connection to terminate. At that point there is no CHILD_SA with that name. Try --ike. Regards, Tobias ___ Users