Swanctl: Difference between revisions
Thomas (talk | contributions)
| Zeile 17: | Zeile 17: | ||
=initiate a connection= | =initiate a connection= | ||
| − | *swanctl --initiate --child net | + | *swanctl --initiate --child net-1 |
<pre> | <pre> | ||
| − | [ENC] generating QUICK_MODE request | + | [ENC] generating QUICK_MODE request 2770629131 [ HASH SA No KE ID ID ] |
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes) | [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes) | ||
[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes) | [NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes) | ||
| − | [ENC] parsed QUICK_MODE response | + | [ENC] parsed QUICK_MODE response 2770629131 [ HASH SA No KE ID ID ] |
| − | [IKE] CHILD_SA net{ | + | [IKE] CHILD_SA net-1{2} established with SPIs cad409e6_i c02e7852_o and TS 10.83.40.0/24 === 10.83.32.0/24 |
| − | [ENC] generating QUICK_MODE request | + | [ENC] generating QUICK_MODE request 2770629131 [ HASH ] |
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes) | [NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes) | ||
initiate completed successfully | initiate completed successfully | ||
</pre> | </pre> | ||
| + | |||
=terminate a connection= | =terminate a connection= | ||
*swanctl --terminate --child net | *swanctl --terminate --child net | ||
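Review bot: the initiate example now uses `--child net-1` and its log shows `CHILD_SA net-1{2}`, but the unchanged terminate line directly below still uses `--child net`, so a reader following the page initiates one child name and terminates another. Use one child name across the initiate and terminate examples, or state which child name the loaded configuration actually defines.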
Revision as of 19:45, 9 December 2017
(re-)load connection configuration
- swanctl -c
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded
(re-)load credentials
- swanctl -s
loaded ike secret 'ike-net'
load credentials, authorities, pools and connections
- swanctl -q
loaded ike secret 'ike-net'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded
initiate a connection
- swanctl --initiate --child net-1
[ENC] generating QUICK_MODE request 2770629131 [ HASH SA No KE ID ID ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
[ENC] parsed QUICK_MODE response 2770629131 [ HASH SA No KE ID ID ]
[IKE] CHILD_SA net-1{2} established with SPIs cad409e6_i c02e7852_o and TS 10.83.40.0/24 === 10.83.32.0/24
[ENC] generating QUICK_MODE request 2770629131 [ HASH ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
initiate completed successfully
terminate a connection
- swanctl --terminate --child net
[IKE] closing CHILD_SA net{6} with SPIs c1ea2318_i (0 bytes) c3ede3a4_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
[IKE] sending DELETE for ESP CHILD_SA with SPI c1ea2318
[ENC] generating INFORMATIONAL_V1 request 2587432778 [ HASH D ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
[IKE] closing CHILD_SA net{7} with SPIs c7a4e05a_i (0 bytes) c95bd1a5_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
[IKE] sending DELETE for ESP CHILD_SA with SPI c7a4e05a
[ENC] generating INFORMATIONAL_V1 request 1981643187 [ HASH D ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
terminate completed successfully
list loaded configurations
- swanctl --list-conn
net-net: IKEv1, reauthentication every 3600s
  local: 10.84.252.40
  remote: 10.84.252.32
  local pre-shared key authentication:
    id: 10.84.252.40
  remote pre-shared key authentication:
    id: 10.84.252.32
  net: TUNNEL, rekeying every 600s
    local: 10.83.40.0/24
    remote: 10.83.32.0/24
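A swanctl.conf that would produce the `--list-conn` output above, as an added example (not the configuration from the original page). Names, addresses, lifetimes and traffic selectors are taken from the outputs on this page, the proposals are an assumption inferred from the `--list-sas` output further down, and the pre-shared key is a placeholder.

```conf
# /etc/swanctl/swanctl.conf (default location; added example)
connections {
    net-net {                        # connection name as shown by --list-conn
        version = 1                  # IKEv1
        local_addrs = 10.84.252.40
        remote_addrs = 10.84.252.32
        # Assumed from --list-sas: AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
        proposals = aes256-sha256-modp2048
        reauth_time = 3600s          # "reauthentication every 3600s"

        local {
            auth = psk
            id = 10.84.252.40
        }
        remote {
            auth = psk
            id = 10.84.252.32
        }

        children {
            net {                    # the name passed to --child
                mode = tunnel
                local_ts = 10.83.40.0/24
                remote_ts = 10.83.32.0/24
                # Assumed from --list-sas: ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
                esp_proposals = aes256-sha256-modp2048
                rekey_time = 600s    # "rekeying every 600s"
            }
        }
    }
}

secrets {
    ike-net {                        # reported as "loaded ike secret 'ike-net'"
        id-1 = 10.84.252.40
        id-2 = 10.84.252.32
        secret = "REPLACE-WITH-PRE-SHARED-KEY"   # placeholder, not a real key
    }
}
```

After editing the file, `swanctl -q` reloads credentials and connections, and `swanctl --list-conn` shows whether the loaded names and lifetimes match.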
rekey an SA
- swanctl --rekey --child net
rekey completed successfully
log
- swanctl --log
09[CFG] vici rekey CHILD_SA 'net'
09[ENC] generating QUICK_MODE request 2013598800 [ HASH SA No KE ID ID ]
09[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
13[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
13[ENC] parsed QUICK_MODE response 2013598800 [ HASH SA No KE ID ID ]
13[IKE] CHILD_SA net{23} established with SPIs c6c7ffed_i cf1d5f57_o and TS 10.83.40.0/24 === 10.83.32.0/24
13[ENC] generating QUICK_MODE request 2013598800 [ HASH ]
13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
list currently active IKE_SA
- swanctl --list-sas
net-net: #16, ESTABLISHED, IKEv1, a1fb1d5845410355_i* 852dddf52f17ea70_r
  local '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 572s ago, rekeying in 466s, reauth in 2968s
  net: #8, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 440s ago, rekeying in 115s, expires in 220s
    in c66297e6, 0 bytes, 0 packets
    out c4bb33a8, 0 bytes, 0 packets
    local 10.83.40.0/24
    remote 10.83.32.0/24
  net: #9, reqid 4, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 437s ago, rekeying in 104s, expires in 223s
    in ccf16d2a, 0 bytes, 0 packets
    out cc4f9d29, 0 bytes, 0 packets
    local 10.83.40.0/24
    remote 10.83.32.0/24
...