Let me explain what I want. I want to be able to see the status of the VPN connections but not via the webadmin. I know I can see the current established connections from /var/chroot-ipsec/var/run/ipsec_state. I can get that via a script and display it, properly formatted, on another web site.
What I want to know is which connections are not up. Especially interesting would be this output from the webadmin:
000 "Some_Tunnel": 172.16.0.0/12===x.x.x.x...x.x.x.x.===172.20.0.0/16
000 "Some_Tunnel": CAs: '%any'...'%any'
000 "Some_Tunnel": ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "Some_Tunnel": policy: RSASIG+ENCRYPT+TUNNEL; interface: eth1; unrouted
000 "Some_Tunnel": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "Some_Tunnel": IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "Some_Tunnel": IKE algorithms found: 5_192-1_128-5,
000 "Some_Tunnel": ESP algorithms wanted: 7_128-1, flags=-strict
000 "Some_Tunnel": ESP algorithms loaded: 7_128-1_128,
That way, from the absence of ISAKMP SAs (newest ISAKMP SA: #0) I can see the tunnel is not up. How can I see that from the command line? What generates it? In the webadmin it is under IPSEC VPN -> Connections (or in version 5 under IPSEC VPN -> Connections - VPN Status Show button).
Any info is appreciated.
Thanks,
Stefan
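Added example, not part of the original post: a parser for status text in the format quoted above that lists the connections whose newest ISAKMP SA is #0, the criterion the post uses for "tunnel not up". The function names, the second connection "Other_Tunnel" and its SA numbers are constructed for illustration; how the status text is obtained on the box is not assumed here.

```python
import re

# Matches the per-connection SA summary line of the status text quoted in the post.
SA_LINE = re.compile(
    r'^\d{3} "(?P<name>[^"]+)":\s+newest ISAKMP SA: #(?P<isakmp>\d+); '
    r'newest IPsec SA: #(?P<ipsec>\d+);'
)


def parse_sa_state(status_text):
    """Return {connection name: (newest ISAKMP SA, newest IPsec SA)}."""
    state = {}
    for line in status_text.splitlines():
        m = SA_LINE.match(line.strip())
        if m:
            state[m.group("name")] = (int(m.group("isakmp")), int(m.group("ipsec")))
    return state


def tunnels_down(status_text):
    """Names of connections with no ISAKMP SA (#0), as reasoned in the post."""
    state = parse_sa_state(status_text)
    return sorted(name for name, (isakmp, _ipsec) in state.items() if isakmp == 0)


# Constructed sample: "Some_Tunnel" lines follow the post, "Other_Tunnel" is invented.
SAMPLE = '''\
000 "Some_Tunnel": 172.16.0.0/12===x.x.x.x...x.x.x.x.===172.20.0.0/16
000 "Some_Tunnel": policy: RSASIG+ENCRYPT+TUNNEL; interface: eth1; unrouted
000 "Some_Tunnel": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "Other_Tunnel": policy: RSASIG+ENCRYPT+TUNNEL; interface: eth1; erouted
000 "Other_Tunnel": newest ISAKMP SA: #12; newest IPsec SA: #14; eroute owner: #14
'''

if __name__ == "__main__":
    for name in tunnels_down(SAMPLE):
        print("DOWN:", name)
```

Connections that are configured but never negotiated still appear in this text, which is what makes it usable for spotting tunnels that are missing from the established-connections list.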