That seems to work fine. Many thanks!
Germán

On 18/10/11 06:42, Stauffer Walter (Galexis) wrote:
> Hi Germán,
>
> you may try
>
> ipsec whack --deletestate <nr>
>
> where <nr> is found in the output of ipsec status: "000 #<nr> ..."
>
> Best regards,
> Walter
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On
> Behalf Of Germán Salvador
> Sent: Monday, 17 October 2011 16:36
> To: [email protected]
> Subject: [strongSwan] Can't take down connection instance
>
> Hi,
>
> I am trying to create an inactive connection cleanup script for strongswan.
> My clients sometimes just unplug their 3G modem so I'm not getting a proper
> VPN shutdown. I'm using IKEv1.
>
> The problem is that I can't take down just one instance of a connection, it
> seems that I need to take down all the connections that share the same
> name:
>
>
> root@debian:~# ipsec status
> 000 "vista_psk":
> 192.168.0.0/24===77.209.245.65[77.209.245.65]---10.64.64.64...%any[%any]==={0.0.0.0/0};
> unrouted; eroute owner: #0
> 000 "vista_psk": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "vista_psk"[3]:
> 192.168.0.0/24===77.209.245.65[77.209.245.65]---10.64.64.64...178.139.0.125[178.139.0.125]===178.139.0.125/32;
> erouted; eroute owner: #6
> 000 "vista_psk"[3]: newest ISAKMP SA: #0; newest IPsec SA: #6;
> 000 "vista_psk"[4]:
> 192.168.0.0/24===77.209.245.65[77.209.245.65]---10.64.64.64...77.209.209.224[77.209.209.224]===77.209.209.224/32;
> erouted; eroute owner: #8
> 000 "vista_psk"[4]: newest ISAKMP SA: #0; newest IPsec SA: #8;
> 000
> 000 #6: "vista_psk"[3] 178.139.0.125 STATE_QUICK_R2 (IPsec SA established);
> EVENT_SA_REPLACE in 616s; newest IPSEC; eroute owner
> 000 #6: "vista_psk"[3] 178.139.0.125 [email protected]
> [email protected] [email protected] (15600 bytes, 2454s
> ago) [email protected] (15780 bytes, 2454s ago); tunnel
> 000 #8: "vista_psk"[4] 77.209.209.224 STATE_QUICK_R2 (IPsec SA established);
> EVENT_SA_REPLACE in 1236s; newest IPSEC; eroute owner
> 000 #8: "vista_psk"[4] 77.209.209.224 [email protected]
> [email protected] [email protected] (125280 bytes, 1s
> ago) [email protected] (125460 bytes, 1s ago); tunnel
> 000
>
>
> For example, with two clients, one of them disconnected a long time ago...
>
> root@debian:~# ipsec down vista_psk[3]
> 021 no connection named "vista_psk[3]"
>
> root@debian:~# ipsec down "vista_psk"[3]
> 021 no connection named "vista_psk[3]"
>
> root@debian:~# ipsec down vista_psk
> 002 "vista_psk"[4] 77.209.209.224: terminating SAs using this connection
> 002 "vista_psk" #8: deleting state (STATE_QUICK_R2)
> 002 "vista_psk" #8: down-client output: 200 OK
> 002 "vista_psk"[4] 77.209.209.224: deleting connection "vista_psk"
> instance with peer 77.209.209.224 {isakmp=#0/ipsec=#0}
> 002 "vista_psk"[3] 178.139.0.125: terminating SAs using this connection
> 002 "vista_psk" #6: deleting state (STATE_QUICK_R2)
> 002 "vista_psk" #6: down-client output: 200 OK
> 002 "vista_psk"[3] 178.139.0.125: deleting connection "vista_psk"
> instance with peer 178.139.0.125 {isakmp=#0/ipsec=#0}
>
> root@debian:~# ipsec status
> 000 "vista_psk":
> 192.168.0.0/24===77.209.245.65[77.209.245.65]---10.64.64.64...%any[%any]==={0.0.0.0/0};
> unrouted; eroute owner: #0
> 000 "vista_psk": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
>
>
> What am I doing wrong?
>
>
> Thanks in advance,
> Germán
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
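
One way to build the cleanup script discussed in this thread, as an added example that is not part of the original messages: it parses `ipsec status` output for the `#<nr>` state lines and prints an `ipsec whack --deletestate <nr>` command for each connection instance that has been idle too long. The sample status text is constructed, the function names are hypothetical, and it assumes the `Ns ago` fields report the time since that SA last carried traffic.

```shell
#!/bin/sh
# Constructed sample shaped like the `ipsec status` output quoted above
# (addresses and SPI labels are made up).
sample_status() {
cat <<'EOF'
000 "vista_psk"[3]: newest ISAKMP SA: #0; newest IPsec SA: #6;
000 "vista_psk"[4]: newest ISAKMP SA: #0; newest IPsec SA: #8;
000
000 #6: "vista_psk"[3] 198.51.100.7 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 616s; newest IPSEC; eroute owner
000 #6: "vista_psk"[3] 198.51.100.7 esp.aaaa0001@198.51.100.7 (15600 bytes, 2454s ago) esp.aaaa0002@203.0.113.1 (15780 bytes, 2454s ago); tunnel
000 #8: "vista_psk"[4] 198.51.100.9 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1236s; newest IPSEC; eroute owner
000 #8: "vista_psk"[4] 198.51.100.9 esp.bbbb0001@198.51.100.9 (125280 bytes, 1s ago) esp.bbbb0002@203.0.113.1 (125460 bytes, 1s ago); tunnel
EOF
}

# stale_states MAX_IDLE: read status text on stdin and print
# "<nr> <instance> <peer> <idle_seconds>" for every state whose most
# recently used SA has been idle longer than MAX_IDLE seconds.
# Assumption: each "Ns ago" value is the time since that SA last carried traffic.
stale_states() {
    awk -v max="$1" '
    $1 == "000" && $2 ~ /^#[0-9]+:$/ {
        nr = substr($2, 2, length($2) - 2)      # "#6:" -> "6"
        idle = -1
        for (i = 4; i < NF; i++)
            if ($i ~ /^[0-9]+s$/ && $(i + 1) ~ /^ago[);]*$/) {
                s = $i + 0                      # "2454s" -> 2454
                if (idle < 0 || s < idle) idle = s
            }
        if (idle > max) print nr, $3, $4, idle
    }'
}

# reap_commands MAX_IDLE: emit one delete command per stale state (dry run).
reap_commands() {
    stale_states "$1" | while read -r nr _rest; do
        echo "ipsec whack --deletestate $nr"
    done
}

# Dry run against the sample; on a gateway use: ipsec status | reap_commands 600
sample_status | reap_commands 600
```

State numbers change whenever an SA is rekeyed, so take them from a fresh `ipsec status` immediately before deleting rather than from a cached listing.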
