-----BEGIN PGP SIGNED MESSAGE----- On Wednesday 13 August 2003 13:37, Shashank Khanvilkar wrote: > Although the above does stop the tunnel, I think it is probably not the > correct way.. According to the ipsec_auto manual, the command > "ipsec auto --down mia-zidler" should stop the tunnel, but leaving the > route intact. Thus sending any pings to such a connection should > just discard all the packets (u should not see any ping replies). > However i kept on observing ESP encapsulated ping/pong packets using > tcpdump even after the tunnel was taken down, which is not the correct > behaviour. Is this a bug or am i missing some crucial point.
What do your logs show when you issue "ipsec auto --down"? Is it possible that your peer is simply re-negotiating the tunnel the moment it goes down? "ipsec auto --status" will give you more info on the active SAs associated with the tunnel as well. - -- Sam Sgro [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: For the matching public key, finger the Reply-To: address. iQCVAwUBPzqJkEOSC4btEQUtAQEJ3AQAq0TPoE7R5topoWL8CLCRbcZHQ6NZns+D pfL9Y697h9ddqoeR7vvUEXLdEWlwZRr05oc5h5QFFVa2XD9n2sacmZ2Zv6+fdrJs JBU1kKpO4r78SXnHpvmh5Usl1uaciI20BbbVPShZRU8gIqLkPW2agIQcMUVIrtAV AdrKT7Tt5Tc= =DuGW -----END PGP SIGNATURE----- _______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
