This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ipsec stop/start specific tunnel via ssh

Hello,

I'm using the actual ASL Version 7.104.
But my problem still exists since a long time.
I have 10 IPSEC tunnels. All with preshared keys.
(The colleagues on the other side are not willing to test with
certificate or something else.)
Most of them running without problems.
Two have a problem with rekeying. I'm restarting them every morning
with the ASL Webinterface.
Two are sometimes (after days) showing as connected in ASL Webinterface,
but no data passing the tunnel.
Can I write a script that restarts -only- these tunnels when they have problems? I'm looking for something like "sudo chroot /var/sec/ipsec/ipsec stop/start tunnel-abc".

Thanks in advance
Greetings
Markus Wasse

This thread was automatically locked due to age.

0 mawasse over 17 years ago

Hello,

ssh loginuser@192.168.10.254 'sudo chroot /var/sec/chroot-ipsec/ /usr/local/sbin/ipsec statusall'

shows me a status of my fake IPSEC connection - without 2nd end.

ssh loginuser@192.168.10.254 'sudo chroot /var/sec/chroot-ipsec/ /usr/local/sbin/ipsec down S_REF_XesGFAcsze_0'

Seems to stop one tunnel.

ssh loginuser@192.168.10.254 'sudo chroot /var/sec/chroot-ipsec/ /usr/local/sbin/ipsec up S_REF_XesGFAcsze_0'

Seems to try to start again that one tunnel.
The ssh command does not end, it tries...

Am I completly wrong with my above tests?
I'm a little bit afraid to do it on the ASL in company...

Could someone help me?

Greetings
Markus Wasse
Cancel
Vote Up 0 Vote Down

Cancel
0 mawasse over 17 years ago in reply to mawasse

Hello,

ipsec down
ipsec up

helps on all my problematic tunnels, but not on one tunnel.
What does the Astaro Webinterface do different when I disable the tunnel
and enable it again? With Webinterface I can restart that tunnel.

Could someone help?

Greetings
Markus
Cancel
Vote Up 0 Vote Down

Cancel